diff --git a/packs/kubeflow-1.9.1/README.md b/packs/kubeflow-1.9.1/README.md
new file mode 100644
index 00000000..43ddfea8
--- /dev/null
+++ b/packs/kubeflow-1.9.1/README.md
@@ -0,0 +1,10 @@
+# Description
+
+# Kubernetes versions supported:
+
+# Constraints:
+
+# Cloud types supported:
+
+# References:
+ -
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kserve-0.13.0.tgz b/packs/kubeflow-1.9.1/charts/kserve-0.13.0.tgz
new file mode 100644
index 00000000..e180387a
Binary files /dev/null and b/packs/kubeflow-1.9.1/charts/kserve-0.13.0.tgz differ
diff --git a/packs/kubeflow-1.9.1/charts/kserve/.helmignore b/packs/kubeflow-1.9.1/charts/kserve/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kserve/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packs/kubeflow-1.9.1/charts/kserve/Chart.yaml b/packs/kubeflow-1.9.1/charts/kserve/Chart.yaml
new file mode 100644
index 00000000..43e9bfd4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kserve/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: kserve
+description: KServe CRDs
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.13.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.13.0"
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kserve/crds/kserve.yaml b/packs/kubeflow-1.9.1/charts/kserve/crds/kserve.yaml
new file mode 100644
index 00000000..cc727039
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kserve/crds/kserve.yaml
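Review bot: Nothing in this Chart.yaml records where the vendored 0.13.0 content was taken from, and the same chart is also committed as the opaque archive `charts/kserve-0.13.0.tgz`, which a diff review cannot inspect or compare with the unpacked `charts/kserve/` tree. I would add a provenance entry such as `sources: [<UPSTREAM_KSERVE_RELEASE_URL placeholder>]` and record the archive's digest next to it, or build the archive in CI from the unpacked tree, so that the two copies can be checked against each other and against upstream. The comment block is the stock scaffold text and could be trimmed to a line stating that this chart only installs the CRDs under `crds/`, if that is indeed all it ships (not verifiable from this part of the diff).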
@@ -0,0 +1,21920 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app: kserve + app.kubernetes.io/name: kserve + name: clusterservingruntimes.serving.kserve.io +spec: + group: serving.kserve.io + names: + kind: ClusterServingRuntime + listKind: ClusterServingRuntimeList + plural: clusterservingruntimes + singular: clusterservingruntime + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.disabled + name: Disabled + type: boolean + - jsonPath: .spec.supportedModelFormats[*].name + name: ModelType + type: string + - jsonPath: .spec.containers[*].name + name: Containers + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: 
+ properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: 
array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: 
string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + builtInAdapter: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + memBufferBytes: + type: integer + modelLoadingTimeoutMillis: + type: integer + runtimeManagementPort: + type: integer + serverType: + type: string + type: object + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + 
properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + 
required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - 
type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: 
string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + disabled: + type: boolean + grpcDataEndpoint: + type: string + grpcEndpoint: + type: string + httpDataEndpoint: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + type: array + labels: + additionalProperties: + type: string + type: object + multiModel: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + protocolVersions: + items: + type: string + type: array + replicas: + type: integer + storageHelper: + properties: + disabled: + type: boolean + type: object + supportedModelFormats: + items: + properties: + autoSelect: + type: boolean + name: + type: string + priority: + format: int32 + minimum: 1 + type: integer + version: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumes: + items: + properties: + 
awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + 
fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + 
chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + 
resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + 
secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + status: + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app: kserve + app.kubernetes.io/name: kserve + name: clusterstoragecontainers.serving.kserve.io +spec: + group: serving.kserve.io + names: + kind: ClusterStorageContainer + listKind: ClusterStorageContainerList + plural: clusterstoragecontainers + singular: clusterstoragecontainer + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + disabled: + type: boolean + kind: + type: string + metadata: + type: object + spec: + properties: + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + 
- type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + 
x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + 
port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + 
add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: 
string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + supportedUriFormats: + items: + properties: + prefix: + type: string + regex: + type: string + type: object + type: array + required: + - container + - supportedUriFormats + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app: kserve + app.kubernetes.io/name: kserve + name: inferencegraphs.serving.kserve.io +spec: + group: serving.kserve.io + names: + kind: InferenceGraph + listKind: InferenceGraphList + plural: inferencegraphs + shortNames: + - ig + singular: inferencegraph + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object 
+ type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + 
weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + 
type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + nodes: + additionalProperties: + properties: + routerType: + enum: + - Sequence + - Splitter + - Ensemble + - Switch + type: string + steps: + items: + properties: + condition: + type: string + data: + type: string + dependency: + enum: + - Soft + - Hard + type: string + name: + type: string + nodeName: + type: string + serviceName: + type: string + serviceUrl: + type: string + weight: + format: int64 + type: integer + type: object + type: array + required: + - routerType + type: object + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + scaleMetric: + enum: + - cpu + - memory + - concurrency + - rps + type: string + scaleTarget: + type: integer + timeout: + format: int64 + type: integer + required: + - nodes + type: object + status: + properties: + annotations: + additionalProperties: + type: string + type: object + conditions: + items: + properties: + lastTransitionTime: + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + format: int64 + type: integer + url: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app: kserve + app.kubernetes.io/name: kserve + name: inferenceservices.serving.kserve.io +spec: + group: serving.kserve.io + names: + kind: InferenceService + listKind: InferenceServiceList + plural: inferenceservices + shortNames: + - isvc + singular: inferenceservice + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.components.predictor.traffic[?(@.tag=='prev')].percent + name: Prev + type: integer + - jsonPath: 
.status.components.predictor.traffic[?(@.latestRevision==true)].percent + name: Latest + type: integer + - jsonPath: .status.components.predictor.traffic[?(@.tag=='prev')].revisionName + name: PrevRolledoutRevision + type: string + - jsonPath: .status.components.predictor.traffic[?(@.latestRevision==true)].revisionName + name: LatestReadyRevision + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + explainer: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: 
object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: 
+ - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + 
required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + art: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + config: + additionalProperties: + type: string + type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + 
properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + 
port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: 
+ - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: 
string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storage: + properties: + key: + type: string + parameters: + additionalProperties: + type: string + type: object + path: + type: string + schemaPath: + type: string + type: object + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + type: + type: string + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + automountServiceAccountToken: + type: boolean + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + canaryTrafficPercent: + format: int64 + type: integer + containerConcurrency: + format: int64 + type: integer + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + 
type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + 
type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + 
format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + 
required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + deploymentStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: 
+ type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + 
properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + 
host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + 
resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string 
+ httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + type: object + logger: + properties: + mode: + enum: + - all + - request + - response + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + type: string + runtimeClassName: + type: string + scaleMetric: + enum: + - cpu + - memory + - concurrency + - rps + type: string + scaleTarget: + type: integer + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: 
string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + timeout: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: 
string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + 
x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: 
string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: 
string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + 
type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + 
predictor: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: 
+ items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + 
matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + automountServiceAccountToken: + type: boolean + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + canaryTrafficPercent: + format: int64 + type: integer + containerConcurrency: + format: int64 + type: integer + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + 
items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: 
+ anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: 
integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + 
required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + deploymentStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: 
+ type: boolean + hostUsers: + type: boolean + hostname: + type: string + huggingface: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string 
+ port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + 
format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + 
x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: 
array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storage: + properties: + key: + type: string + parameters: + additionalProperties: + type: string + type: object + path: + type: string + schemaPath: + type: string + type: object + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + imagePullSecrets: + items: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + 
x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: 
object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + 
x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - 
type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + type: object + lightgbm: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + 
type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: 
true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string 
+ type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storage: + properties: + key: + type: string + parameters: + additionalProperties: + type: string + type: object + path: + type: string + schemaPath: + type: string + type: object + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - 
name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + logger: + properties: + mode: + enum: + - all + - request + - response + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + model: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + 
x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + 
port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + modelFormat: + properties: + name: + type: string + version: + type: string + required: + - name + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + 
x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtime: + type: string + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + 
gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storage: + properties: + key: + type: string + parameters: + additionalProperties: + type: string + type: object + path: + type: string + schemaPath: + type: string + type: object + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + 
- mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + onnx: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: 
+ properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string 
+ port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: 
+ name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: 
+ properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storage: + properties: + key: + type: string + parameters: + additionalProperties: + type: string + type: object + path: + type: string + schemaPath: + type: string + type: object + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + os: + properties: + name: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + paddle: + properties: + args: + items: + type: string + type: array + command: + items: 
+ type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + 
properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + 
format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true 
+ scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storage: + properties: + key: + type: string + parameters: + additionalProperties: + type: string + type: object + path: + type: string + schemaPath: + type: string + type: object + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + pmml: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + 
anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: 
string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + 
port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + 
items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storage: + properties: + key: + type: 
string + parameters: + additionalProperties: + type: string + type: object + path: + type: string + schemaPath: + type: string + type: object + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + pytorch: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + 
- name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + 
port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + 
periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + 
localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storage: + properties: + key: + type: string + parameters: + additionalProperties: + type: string + type: object + path: + type: string + schemaPath: + type: string + type: object + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: 
string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + type: string + runtimeClassName: + type: string + scaleMetric: + enum: + - cpu + - memory + - concurrency + - rps + type: string + scaleTarget: + type: integer + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + 
type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + sklearn: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: 
string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + 
x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: 
object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + 
type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storage: + properties: + key: + type: string + parameters: + additionalProperties: + type: string + type: object + path: + type: string + schemaPath: + type: string + type: object + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + subdomain: + type: string + tensorflow: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + 
properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: 
string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + 
protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + 
x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - 
port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storage: + properties: + key: + type: string + parameters: + additionalProperties: + type: string + type: object + path: + type: string + schemaPath: + type: string + type: object + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeout: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: 
string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + triton: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + 
httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: 
+ host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: 
+ items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + 
httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storage: + properties: + key: + type: string + parameters: + additionalProperties: + type: string + type: object + path: + type: string + schemaPath: + type: string + type: object + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: 
+ type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + 
type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + 
x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - 
path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + 
fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + xgboost: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + 
properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + 
port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + 
name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + 
properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storage: + properties: + key: + type: string + parameters: + additionalProperties: + type: string + type: object + path: + type: string + schemaPath: + type: string + type: object + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + type: object + transformer: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + 
required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + 
type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + automountServiceAccountToken: + type: boolean + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + canaryTrafficPercent: + format: int64 + type: integer + containerConcurrency: + format: int64 + type: integer + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: 
object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + 
required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: 
string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + 
securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: 
integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + deploymentStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + 
properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object 
+ type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: 
string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + 
additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: 
integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + type: object + logger: + properties: + mode: + enum: + - all + - request + - response + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + items: + properties: + name: + type: string + source: + 
properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + type: string + runtimeClassName: + type: string + scaleMetric: + enum: + - cpu + - memory + - concurrency + - rps + type: string + scaleTarget: + type: integer + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + timeout: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + 
value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + 
secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + 
accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: 
object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + 
defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + 
pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + required: + - predictor + type: object + status: + properties: + address: + properties: + CACerts: + type: string + audience: + type: string + name: + type: string + url: + type: string + type: object + annotations: + additionalProperties: + type: string + type: object + components: + additionalProperties: + properties: + address: + properties: + CACerts: + type: string + audience: + type: string + name: + type: string + url: + type: string + type: object + grpcUrl: + type: string + 
latestCreatedRevision: + type: string + latestReadyRevision: + type: string + latestRolledoutRevision: + type: string + previousRolledoutRevision: + type: string + restUrl: + type: string + traffic: + items: + properties: + configurationName: + type: string + latestRevision: + type: boolean + percent: + format: int64 + type: integer + revisionName: + type: string + tag: + type: string + url: + type: string + type: object + type: array + url: + type: string + type: object + type: object + conditions: + items: + properties: + lastTransitionTime: + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + modelStatus: + properties: + copies: + properties: + failedCopies: + default: 0 + type: integer + totalCopies: + type: integer + required: + - failedCopies + type: object + lastFailureInfo: + properties: + exitCode: + format: int32 + type: integer + location: + type: string + message: + type: string + modelRevisionName: + type: string + reason: + enum: + - ModelLoadFailed + - RuntimeUnhealthy + - RuntimeDisabled + - NoSupportingRuntime + - RuntimeNotRecognized + - InvalidPredictorSpec + type: string + time: + format: date-time + type: string + type: object + states: + properties: + activeModelState: + default: Pending + enum: + - "" + - Pending + - Standby + - Loading + - Loaded + - FailedToLoad + type: string + targetModelState: + default: "" + enum: + - "" + - Pending + - Standby + - Loading + - Loaded + - FailedToLoad + type: string + required: + - activeModelState + type: object + transitionStatus: + default: UpToDate + enum: + - "" + - UpToDate + - InProgress + - BlockedByFailedLoad + - InvalidSpec + type: string + required: + - transitionStatus + type: object + observedGeneration: + format: int64 + type: integer + url: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: 
true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app: kserve + app.kubernetes.io/name: kserve + name: servingruntimes.serving.kserve.io +spec: + group: serving.kserve.io + names: + kind: ServingRuntime + listKind: ServingRuntimeList + plural: servingruntimes + singular: servingruntime + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.disabled + name: Disabled + type: boolean + - jsonPath: .spec.supportedModelFormats[*].name + name: ModelType + type: string + - jsonPath: .spec.containers[*].name + name: Containers + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + 
items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + 
type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + 
type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + builtInAdapter: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + memBufferBytes: + type: integer + modelLoadingTimeoutMillis: + type: integer + runtimeManagementPort: + type: integer + serverType: + type: string + type: object + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: 
string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + 
properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + 
required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - 
type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: 
string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + disabled: + type: boolean + grpcDataEndpoint: + type: string + grpcEndpoint: + type: string + httpDataEndpoint: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + type: array + labels: + additionalProperties: + type: string + type: object + multiModel: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + protocolVersions: + items: + type: string + type: array + replicas: + type: integer + storageHelper: + properties: + disabled: + type: boolean + type: object + supportedModelFormats: + items: + properties: + autoSelect: + type: boolean + name: + type: string + priority: + format: int32 + minimum: 1 + type: integer + version: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumes: + items: + properties: + 
awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + 
fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + 
chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + 
resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + 
secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + status: + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app: kserve + app.kubernetes.io/name: kserve + name: trainedmodels.serving.kserve.io +spec: + group: serving.kserve.io + names: + kind: TrainedModel + listKind: TrainedModelList + plural: trainedmodels + shortNames: + - tm + singular: trainedmodel + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + inferenceService: + type: string + model: + properties: + framework: + type: string + memory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageUri: + type: string + required: + - framework + - memory + - storageUri + type: object + required: + - inferenceService + - model + type: object + status: + properties: + 
address: + properties: + CACerts: + type: string + audience: + type: string + name: + type: string + url: + type: string + type: object + annotations: + additionalProperties: + type: string + type: object + conditions: + items: + properties: + lastTransitionTime: + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + format: int64 + type: integer + url: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: kserve + app.kubernetes.io/instance: kserve-controller-manager + app.kubernetes.io/managed-by: kserve-controller-manager + app.kubernetes.io/name: kserve + name: kserve-controller-manager + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + name: kserve-leader-election-role + namespace: kubeflow +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + name: kserve-manager-role +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + 
- update + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - patch + - update + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.istio.io + resources: + - virtualservices/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.istio.io + resources: + - virtualservices/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.knative.dev + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.knative.dev + resources: + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.knative.dev + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - clusterservingruntimes + - clusterservingruntimes/finalizers + verbs: + - create + - delete + - get + - 
list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - clusterservingruntimes/status + verbs: + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - clusterstoragecontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferencegraphs + - inferencegraphs/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferencegraphs/status + verbs: + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices + - inferenceservices/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices/status + verbs: + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes + - servingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes/status + verbs: + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - trainedmodels + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - trainedmodels/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + name: kserve-proxy-role +rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-kserve-admin: "true" +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-kserve-admin +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-kserve-admin: "true" + name: kubeflow-kserve-edit +rules: + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices + - servingruntimes + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update + - apiGroups: + - serving.knative.dev + resources: + - services + - services/status + - routes + - routes/status + - configurations + - configurations/status + - revisions + - revisions/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-kserve-view +rules: + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices + - servingruntimes + verbs: + - get + - list + - watch + - apiGroups: + - serving.knative.dev + resources: + - services + - services/status + - routes + - routes/status + - configurations + - configurations/status + - revisions + - revisions/status + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + name: kserve-leader-election-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kserve-leader-election-role +subjects: + - kind: ServiceAccount + name: kserve-controller-manager + namespace: 
kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + name: kserve-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kserve-manager-role +subjects: + - kind: ServiceAccount + name: kserve-controller-manager + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + name: kserve-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kserve-proxy-role +subjects: + - kind: ServiceAccount + name: kserve-controller-manager + namespace: kubeflow +--- +apiVersion: v1 +data: + _example: "################################\n# #\n# EXAMPLE CONFIGURATION #\n# #\n################################\n\n# This block is not actually functional configuration,\n# but serves to illustrate the available configuration\n# options and document them in a way that is accessible\n# to users that `kubectl edit` this config map.\n#\n# These sample configuration options may be copied out of\n# this example block and unindented to be in the data block\n# to actually change the configuration.\n\n# ====================================== EXPLAINERS CONFIGURATION ======================================\n# Example\nexplainers: |-\n {\n \"art\": {\n \"image\" : \"kserve/art-explainer\",\n \"defaultImageVersion\": \"latest\"\n }\n }\n# Art Explainer runtime configuration\n explainers: |-\n {\n # Art explainer runtime configuration\n \"art\": {\n # image contains the default Art explainer serving runtime image uri.\n \"image\" : \"kserve/art-explainer\",\n \n # defautltImageVersion contains the Art explainer serving runtime default image version.\n \"defaultImageVersion\": \"latest\"\n }\n }\n \n # ====================================== STORAGE INITIALIZER CONFIGURATION ======================================\n # Example\n 
storageInitializer: |-\n {\n \"image\" : \"kserve/storage-initializer:v0.13.0\",\n \"memoryRequest\": \"100Mi\",\n \"memoryLimit\": \"1Gi\",\n \"cpuRequest\": \"100m\",\n \"cpuLimit\": \"1\",\n \"caBundleConfigMapName\": \"\",\n \"caBundleVolumeMountPath\": \"/etc/ssl/custom-certs\",\n \"enableDirectPvcVolumeMount\": false,\n \"enableModelcar\": false,\n \"cpuModelcar\": \"10m\",\n \"memoryModelcar\": \"15Mi\"\n }\n storageInitializer: |-\n {\n # image contains the default storage initializer image uri.\n \"image\" : \"kserve/storage-initializer:v0.13.0\",\n \n # memoryRequest is the requests.memory to set for the storage initializer init container.\n \"memoryRequest\": \"100Mi\",\n \n # memoryLimit is the limits.memory to set for the storage initializer init container.\n \"memoryLimit\": \"1Gi\",\n \n # cpuRequest is the requests.cpu to set for the storage initializer init container.\n \"cpuRequest\": \"100m\",\n \n # cpuLimit is the limits.cpu to set for the storage initializer init container.\n \"cpuLimit\": \"1\",\n \n # caBundleConfigMapName is the ConfigMap will be copied to a user namespace for the storage initializer init container.\n \"caBundleConfigMapName\": \"\",\n\n # caBundleVolumeMountPath is the mount point for the configmap set by caBundleConfigMapName for the storage initializer init container.\n \"caBundleVolumeMountPath\": \"/etc/ssl/custom-certs\",\n\n # enableDirectPvcVolumeMount controls whether users can mount pvc volumes directly.\n # if pvc volume is provided in storageuri then the pvc volume is directly mounted to /mnt/models in the user container.\n # rather than symlink it to a shared volume. 
For more info see https://github.com/kserve/kserve/issues/2737\n \"enableDirectPvcVolumeMount\": true,\n\n # enableModelcar enabled allows you to directly access an OCI container image by\n # using a source URL with an \"oci://\" schema.\n \"enableModelcar\": false,\n\n # cpuModelcar is the cpu request and limit that is used for the passive modelcar container. It can be\n # set very low, but should be allowed by any Kubernetes LimitRange that might apply.\n \"cpuModelcar\": \"10m\",\n\n # cpuModelcar is the memory request and limit that is used for the passive modelcar container. It can be\n # set very low, but should be allowed by any Kubernetes LimitRange that might apply.\n \"memoryModelcar\": \"15Mi\",\n\n # uidModelcar is the UID under with which the modelcar process and the main container is running.\n # Some Kubernetes clusters might require this to be root (0). If not set the user id is left untouched (default)\n \"uidModelcar\": 10\n }\n \n # ====================================== CREDENTIALS ======================================\n # Example\n credentials: |-\n {\n \"storageSpecSecretName\": \"storage-config\",\n \"storageSecretNameAnnotation\": \"serving.kserve.io/storageSecretName\",\n \"gcs\": {\n \"gcsCredentialFileName\": \"gcloud-application-credentials.json\"\n },\n \"s3\": {\n \"s3AccessKeyIDName\": \"AWS_ACCESS_KEY_ID\",\n \"s3SecretAccessKeyName\": \"AWS_SECRET_ACCESS_KEY\",\n \"s3Endpoint\": \"\",\n \"s3UseHttps\": \"\",\n \"s3Region\": \"\",\n \"s3VerifySSL\": \"\",\n \"s3UseVirtualBucket\": \"\",\n \"s3UseAccelerate\": \"\",\n \"s3UseAnonymousCredential\": \"\",\n \"s3CABundle\": \"\"\n }\n }\n # This is a global configuration used for downloading models from the cloud storage.\n # You can override this configuration by specifying the annotations on service account or static secret.\n # https://kserve.github.io/website/master/modelserving/storage/s3/s3/\n # For a quick reference about AWS ENV variables:\n # AWS Cli: 
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html\n # Boto: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#using-environment-variables\n #\n # The `s3AccessKeyIDName` and `s3SecretAccessKeyName` fields are only used from this configmap when static credentials (IAM User Access Key Secret)\n # are used as the authentication method for AWS S3.\n # The rest of the fields are used in both authentication methods (IAM Role for Service Account & IAM User Access Key Secret) if a non-empty value is provided.\n credentials: |-\n {\n # storageSpecSecretName contains the secret name which has the credentials for downloading the model.\n # This option is used when specifying the storage spec on isvc yaml.\n \"storageSpecSecretName\": \"storage-config\",\n\n # The annotation can be specified on isvc yaml to allow overriding with the secret name reference from the annotation value.\n # When using storageUri the order of the precedence is: secret name reference annotation > secret name references from service account\n # When using storageSpec the order of the precedence is: secret name reference annotation > storageSpecSecretName in configmap\n\n # Configuration for google cloud storage\n \"gcs\": {\n # gcsCredentialFileName specifies the filename of the gcs credential\n \"gcsCredentialFileName\": \"gcloud-application-credentials.json\"\n },\n \n # Configuration for aws s3 storage. 
This add the corresponding environmental variables to the storage initializer init container.\n # For more info on s3 storage see https://kserve.github.io/website/master/modelserving/storage/s3/s3/\n \"s3\": {\n # s3AccessKeyIDName specifies the s3 access key id name\n \"s3AccessKeyIDName\": \"AWS_ACCESS_KEY_ID\",\n \n # s3SecretAccessKeyName specifies the s3 secret access key name\n \"s3SecretAccessKeyName\": \"AWS_SECRET_ACCESS_KEY\",\n \n # s3Endpoint specifies the s3 endpoint\n \"s3Endpoint\": \"\",\n \n # s3UseHttps controls whether to use secure https or unsecure http to download models.\n # Allowed values are 0 and 1.\n \"s3UseHttps\": \"\",\n \n # s3Region specifies the region of the bucket.\n \"s3Region\": \"\",\n \n # s3VerifySSL controls whether to verify the tls/ssl certificate.\n \"s3VerifySSL\": \"\",\n \n # s3UseVirtualBucket configures whether it is a virtual bucket or not.\n \"s3UseVirtualBucket\": \"\",\n\n # s3UseAccelerate configures whether to use transfer acceleration.\n \"s3UseAccelerate\": \"\",\n \n # s3UseAnonymousCredential configures whether to use anonymous credentials to download the model or not.\n \"s3UseAnonymousCredential\": \"\",\n \n # s3CABundle specifies the path to a certificate bundle to use for HTTPS certificate validation.\n \"s3CABundle\": \"\"\n }\n }\n \n # ====================================== INGRESS CONFIGURATION ======================================\n # Example\n ingress: |-\n {\n \"ingressGateway\" : \"knative-serving/knative-ingress-gateway\",\n \"ingressService\" : \"istio-ingressgateway.istio-system.svc.cluster.local\",\n \"localGateway\" : \"knative-serving/knative-local-gateway\",\n \"localGatewayService\" : \"knative-local-gateway.istio-system.svc.cluster.local\",\n \"ingressDomain\" : \"example.com\",\n \"additionalIngressDomains\": [\"additional-example.com\", \"additional-example-1.com\"],\n \"ingressClassName\" : \"istio\",\n \"domainTemplate\": \"{{ .Name }}-{{ .Namespace }}.{{ .IngressDomain }}\",\n 
\"urlScheme\": \"http\",\n \"disableIstioVirtualHost\": false,\n \"disableIngressCreation\": false\n }\n ingress: |-\n {\n # ingressGateway specifies the ingress gateway to serve external traffic.\n # The gateway should be specified in format /\n # NOTE: This configuration only applicable for serverless deployment with Istio configured as network layer.\n \"ingressGateway\" : \"knative-serving/knative-ingress-gateway\",\n \n # ingressService specifies the hostname of the ingress service.\n # NOTE: This configuration only applicable for serverless deployment with Istio configured as network layer.\n \"ingressService\" : \"istio-ingressgateway.istio-system.svc.cluster.local\",\n \n # localGateway specifies the gateway which handles the network traffic within the cluster.\n # NOTE: This configuration only applicable for serverless deployment with Istio configured as network layer.\n \"localGateway\" : \"knative-serving/knative-local-gateway\",\n \n # localGatewayService specifies the hostname of the local gateway service.\n # NOTE: This configuration only applicable for serverless deployment with Istio configured as network layer.\n \"localGatewayService\" : \"knative-local-gateway.istio-system.svc.cluster.local\",\n \n # ingressDomain specifies the domain name which is used for creating the url.\n # If ingressDomain is empty then example.com is used as default domain.\n # NOTE: This configuration only applicable for raw deployment.\n \"ingressDomain\" : \"example.com\",\n\n # additionalIngressDomains specifies the additional domain names which are used for creating the url.\n \"additionalIngressDomains\": [\"additional-example.com\", \"additional-example-1.com\"]\n\n # ingressClassName specifies the ingress controller to use for ingress traffic.\n # This is optional and if omitted the default ingress in the cluster is used.\n # https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class\n # NOTE: This configuration only applicable for raw 
deployment.\n \"ingressClassName\" : \"istio\",\n \n # domainTemplate specifies the template for generating domain/url for each inference service by combining variable from:\n # Name of the inference service ( {{ .Name}} )\n # Namespace of the inference service ( {{ .Namespace }} )\n # Annotation of the inference service ( {{ .Annotations.key }} )\n # Label of the inference service ( {{ .Labels.key }} )\n # IngressDomain ( {{ .IngressDomain }} )\n # If domain template is empty the default template {{ .Name }}-{{ .Namespace }}.{{ .IngressDomain }} is used.\n # NOTE: This configuration only applicable for raw deployment.\n \"domainTemplate\": \"{{ .Name }}-{{ .Namespace }}.{{ .IngressDomain }}\",\n \n # urlScheme specifies the url scheme to use for inference service and inference graph.\n # If urlScheme is empty then by default http is used.\n \"urlScheme\": \"http\",\n \n # disableIstioVirtualHost controls whether to use istio as network layer.\n # By default istio is used as the network layer. 
When DisableIstioVirtualHost is true, KServe does not\n # create the top level virtual service thus Istio is no longer required for serverless mode.\n # By setting this field to true, user can use other networking layers supported by knative.\n # For more info https://github.com/kserve/kserve/pull/2380, https://kserve.github.io/website/master/admin/serverless/kourier_networking/.\n # NOTE: This configuration is only applicable to serverless deployment.\n \"disableIstioVirtualHost\": false,\n\n # disableIngressCreation controls whether to disable ingress creation for raw deployment mode.\n \"disableIngressCreation\": false,\n \n # pathTemplate specifies the template for generating path based url for each inference service.\n # The following variables can be used in the template for generating url.\n # Name of the inference service ( {{ .Name}} )\n # Namespace of the inference service ( {{ .Namespace }} )\n # For more info https://github.com/kserve/kserve/issues/2257.\n # NOTE: This configuration only applicable to serverless deployment.\n \"pathTemplate\": \"/serving/{{ .Namespace }}/{{ .Name }}\"\n }\n \n # ====================================== LOGGER CONFIGURATION ======================================\n # Example\n logger: |-\n {\n \"image\" : \"kserve/agent:v0.13.0\",\n \"memoryRequest\": \"100Mi\",\n \"memoryLimit\": \"1Gi\",\n \"cpuRequest\": \"100m\",\n \"cpuLimit\": \"1\",\n \"defaultUrl\": \"http://default-broker\"\n }\n logger: |-\n {\n # image contains the default logger image uri.\n \"image\" : \"kserve/agent:v0.13.0\",\n \n # memoryRequest is the requests.memory to set for the logger container.\n \"memoryRequest\": \"100Mi\",\n \n # memoryLimit is the limits.memory to set for the logger container.\n \"memoryLimit\": \"1Gi\",\n \n # cpuRequest is the requests.cpu to set for the logger container.\n \"cpuRequest\": \"100m\",\n \n # cpuLimit is the limits.cpu to set for the logger container.\n \"cpuLimit\": \"1\",\n \n # defaultUrl specifies the default 
logger url. If logger is not specified in the resource this url is used.\n \"defaultUrl\": \"http://default-broker\"\n }\n \n # ====================================== BATCHER CONFIGURATION ======================================\n # Example\n batcher: |-\n {\n \"image\" : \"kserve/agent:v0.13.0\",\n \"memoryRequest\": \"1Gi\",\n \"memoryLimit\": \"1Gi\",\n \"cpuRequest\": \"1\",\n \"cpuLimit\": \"1\",\n \"maxBatchSize\": \"32\",\n \"maxLatency\": \"5000\"\n }\n batcher: |-\n {\n # image contains the default batcher image uri.\n \"image\" : \"kserve/agent:v0.13.0\",\n \n # memoryRequest is the requests.memory to set for the batcher container.\n \"memoryRequest\": \"1Gi\",\n \n # memoryLimit is the limits.memory to set for the batcher container.\n \"memoryLimit\": \"1Gi\",\n \n # cpuRequest is the requests.cpu to set for the batcher container.\n \"cpuRequest\": \"1\",\n \n # cpuLimit is the limits.cpu to set for the batcher container.\n \"cpuLimit\": \"1\"\n\n # maxBatchSize is the default maximum batch size for batcher.\n \"maxBatchSize\": \"32\",\n\n # maxLatency is the default maximum latency in milliseconds for batcher to wait and collect the batch.\n \"maxLatency\": \"5000\"\n }\n \n # ====================================== AGENT CONFIGURATION ======================================\n # Example\n agent: |-\n {\n \"image\" : \"kserve/agent:v0.13.0\",\n \"memoryRequest\": \"100Mi\",\n \"memoryLimit\": \"1Gi\",\n \"cpuRequest\": \"100m\",\n \"cpuLimit\": \"1\"\n }\n agent: |-\n {\n # image contains the default agent image uri.\n \"image\" : \"kserve/agent:v0.13.0\",\n \n # memoryRequest is the requests.memory to set for the agent container.\n \"memoryRequest\": \"100Mi\",\n \n # memoryLimit is the limits.memory to set for the agent container.\n \"memoryLimit\": \"1Gi\",\n \n # cpuRequest is the requests.cpu to set for the agent container.\n \"cpuRequest\": \"100m\",\n \n # cpuLimit is the limits.cpu to set for the agent container.\n \"cpuLimit\": \"1\"\n }\n \n # 
====================================== ROUTER CONFIGURATION ======================================\n # Example\n router: |-\n {\n \"image\" : \"kserve/router:v0.13.0\",\n \"memoryRequest\": \"100Mi\",\n \"memoryLimit\": \"1Gi\",\n \"cpuRequest\": \"100m\",\n \"cpuLimit\": \"1\",\n \"headers\": {\n \"propagate\": []\n }\n }\n # router is the implementation of inference graph.\n router: |-\n {\n # image contains the default router image uri.\n \"image\" : \"kserve/router:v0.13.0\",\n \n # memoryRequest is the requests.memory to set for the router container.\n \"memoryRequest\": \"100Mi\",\n \n # memoryLimit is the limits.memory to set for the router container.\n \"memoryLimit\": \"1Gi\",\n \n # cpuRequest is the requests.cpu to set for the router container.\n \"cpuRequest\": \"100m\",\n \n # cpuLimit is the limits.cpu to set for the router container.\n \"cpuLimit\": \"1\",\n \n # Propagate the specified headers to all the steps specified in an InferenceGraph. \n # You can either specify the exact header names or use [Golang supported regex patterns]\n # (https://pkg.go.dev/regexp/syntax@go1.21.3#hdr-Syntax) to propagate multiple headers.\n \"headers\": {\n \"propagate\": [\n \"Authorization\",\n \"Test-Header-*\",\n \"*Trace-Id*\"\n ]\n }\n }\n \n # ====================================== DEPLOYMENT CONFIGURATION ======================================\n # Example\n deploy: |-\n {\n \"defaultDeploymentMode\": \"Serverless\"\n }\n deploy: |-\n {\n # defaultDeploymentMode specifies the default deployment mode of the kserve. The supported values are\n # Serverless, RawDeployment and ModelMesh. 
Users can override the deployment mode at service level\n # by adding the annotation serving.kserve.io/deploymentMode.For more info on deployment mode visit\n # Serverless https://kserve.github.io/website/master/admin/serverless/serverless/\n # RawDeployment https://kserve.github.io/website/master/admin/kubernetes_deployment/\n # ModelMesh https://kserve.github.io/website/master/admin/modelmesh/\n \"defaultDeploymentMode\": \"Serverless\"\n }\n \n # ====================================== METRICS CONFIGURATION ======================================\n # Example\n metricsAggregator: |-\n {\n \"enableMetricAggregation\": \"false\",\n \"enablePrometheusScraping\" : \"false\"\n }\n # For more info see https://github.com/kserve/kserve/blob/master/qpext/README.md\n metricsAggregator: |-\n {\n # enableMetricAggregation configures metric aggregation annotation. This adds the annotation serving.kserve.io/enable-metric-aggregation to every\n # service with the specified boolean value. If true enables metric aggregation in queue-proxy by setting env vars in the queue proxy container\n # to configure scraping ports.\n \"enableMetricAggregation\": \"false\",\n \n # enablePrometheusScraping configures metric aggregation annotation. This adds the annotation serving.kserve.io/enable-metric-aggregation to every\n # service with the specified boolean value. If true, prometheus annotations are added to the pod. 
If serving.kserve.io/enable-metric-aggregation is false,\n # the prometheus port is set with the default prometheus scraping port 9090, otherwise the prometheus port annotation is set with the metric aggregation port.\n \"enablePrometheusScraping\" : \"false\"\n }" + agent: |- + { + "image" : "kserve/agent:v0.13.0", + "memoryRequest": "100Mi", + "memoryLimit": "1Gi", + "cpuRequest": "100m", + "cpuLimit": "1" + } + batcher: |- + { + "image" : "kserve/agent:v0.13.0", + "memoryRequest": "1Gi", + "memoryLimit": "1Gi", + "cpuRequest": "1", + "cpuLimit": "1", + "maxBatchSize": "32", + "maxLatency": "5000" + } + credentials: |- + { + "storageSpecSecretName": "storage-config", + "storageSecretNameAnnotation": "serving.kserve.io/storageSecretName", + "gcs": { + "gcsCredentialFileName": "gcloud-application-credentials.json" + }, + "s3": { + "s3AccessKeyIDName": "AWS_ACCESS_KEY_ID", + "s3SecretAccessKeyName": "AWS_SECRET_ACCESS_KEY", + "s3Endpoint": "", + "s3UseHttps": "", + "s3Region": "", + "s3VerifySSL": "", + "s3UseVirtualBucket": "", + "s3UseAccelerate": "", + "s3UseAnonymousCredential": "", + "s3CABundle": "" + } + } + deploy: |- + { + "defaultDeploymentMode": "Serverless" + } + explainers: |- + { + "art": { + "image" : "kserve/art-explainer", + "defaultImageVersion": "latest" + } + } + ingress: |- + { + "ingressGateway": "kubeflow/kubeflow-gateway", + "ingressService": "istio-ingressgateway.istio-system.svc.cluster.local", + "localGateway": "knative-serving/knative-local-gateway", + "localGatewayService": "knative-local-gateway.istio-system.svc.cluster.local", + "ingressDomain": "example.com", + "ingressClassName": "istio", + "domainTemplate": "{{ .Name }}-{{ .Namespace }}.{{ .IngressDomain }}", + "urlScheme": "http", + "disableIstioVirtualHost": false, + "disableIngressCreation": false + } + logger: |- + { + "image" : "kserve/agent:v0.13.0", + "memoryRequest": "100Mi", + "memoryLimit": "1Gi", + "cpuRequest": "100m", + "cpuLimit": "1", + "defaultUrl": 
"http://default-broker" + } + metricsAggregator: |- + { + "enableMetricAggregation": "false", + "enablePrometheusScraping" : "false" + } + router: |- + { + "image" : "kserve/router:v0.13.0", + "memoryRequest": "100Mi", + "memoryLimit": "1Gi", + "cpuRequest": "100m", + "cpuLimit": "1" + } + storageInitializer: |- + { + "image" : "kserve/storage-initializer:v0.13.0", + "memoryRequest": "100Mi", + "memoryLimit": "1Gi", + "cpuRequest": "100m", + "cpuLimit": "1", + "caBundleConfigMapName": "", + "caBundleVolumeMountPath": "/etc/ssl/custom-certs", + "enableDirectPvcVolumeMount": true, + "enableModelcar": false, + "cpuModelcar": "10m", + "memoryModelcar": "15Mi" + } +kind: ConfigMap +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + name: inferenceservice-config + namespace: kubeflow +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + name: kserve-webhook-server-secret + namespace: kubeflow +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8443" + prometheus.io/scheme: https + prometheus.io/scrape: "true" + labels: + app: kserve + app.kubernetes.io/name: kserve + control-plane: kserve-controller-manager + controller-tools.k8s.io: "1.0" + name: kserve-controller-manager-metrics-service + namespace: kubeflow +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + app: kserve + app.kubernetes.io/name: kserve + control-plane: kserve-controller-manager + controller-tools.k8s.io: "1.0" +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + control-plane: kserve-controller-manager + controller-tools.k8s.io: "1.0" + name: kserve-controller-manager-service + namespace: kubeflow +spec: + ports: + - port: 8443 + protocol: TCP + targetPort: https + selector: + app: kserve + app.kubernetes.io/name: kserve + control-plane: kserve-controller-manager + controller-tools.k8s.io: "1.0" +--- +apiVersion: v1 +kind: 
Service +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + name: kserve-webhook-server-service + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + app: kserve + app.kubernetes.io/name: kserve + control-plane: kserve-controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + control-plane: kserve-controller-manager + controller-tools.k8s.io: "1.0" + name: kserve-controller-manager + namespace: kubeflow +spec: + selector: + matchLabels: + app: kserve + app.kubernetes.io/name: kserve + control-plane: kserve-controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + sidecar.istio.io/inject: "false" + labels: + app: kserve + app.kubernetes.io/name: kserve + control-plane: kserve-controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - args: + - --metrics-addr=127.0.0.1:8080 + - --leader-elect + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SECRET_NAME + value: kserve-webhook-server-cert + image: kserve/kserve-controller:v0.13.0 + imagePullPolicy: Always + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + failureThreshold: 10 + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - 
--v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + securityContext: + runAsNonRoot: true + serviceAccountName: kserve-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: kserve-webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + name: serving-cert + namespace: kubeflow +spec: + commonName: kserve-webhook-server-service.kubeflow.svc + dnsNames: + - kserve-webhook-server-service.kubeflow.svc + issuerRef: + kind: Issuer + name: selfsigned-issuer + secretName: kserve-webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app: kserve + app.kubernetes.io/name: kserve + name: selfsigned-issuer + namespace: kubeflow +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/serving-cert + creationTimestamp: null + labels: + app: kserve + app.kubernetes.io/name: kserve + name: inferenceservice.serving.kserve.io +webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: Cg== + service: + name: kserve-webhook-server-service + namespace: kubeflow + path: /mutate-serving-kserve-io-v1beta1-inferenceservice + failurePolicy: Fail + name: inferenceservice.kserve-webhook-server.defaulter + rules: + - apiGroups: + - serving.kserve.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - inferenceservices + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: Cg== + service: + name: kserve-webhook-server-service + namespace: kubeflow + path: /mutate-pods + failurePolicy: Fail + name: inferenceservice.kserve-webhook-server.pod-mutator + namespaceSelector: + matchExpressions: + - key: 
control-plane + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: serving.kserve.io/inferenceservice + operator: Exists + reinvocationPolicy: IfNeeded + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/serving-cert + creationTimestamp: null + labels: + app: kserve + app.kubernetes.io/name: kserve + name: clusterservingruntime.serving.kserve.io +webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: Cg== + service: + name: kserve-webhook-server-service + namespace: kubeflow + path: /validate-serving-kserve-io-v1alpha1-clusterservingruntime + failurePolicy: Fail + name: clusterservingruntime.kserve-webhook-server.validator + rules: + - apiGroups: + - serving.kserve.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - clusterservingruntimes + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/serving-cert + creationTimestamp: null + labels: + app: kserve + app.kubernetes.io/name: kserve + name: inferencegraph.serving.kserve.io +webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: Cg== + service: + name: kserve-webhook-server-service + namespace: kubeflow + path: /validate-serving-kserve-io-v1alpha1-inferencegraph + failurePolicy: Fail + name: inferencegraph.kserve-webhook-server.validator + rules: + - apiGroups: + - serving.kserve.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inferencegraphs + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/serving-cert + 
creationTimestamp: null + labels: + app: kserve + app.kubernetes.io/name: kserve + name: inferenceservice.serving.kserve.io +webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: Cg== + service: + name: kserve-webhook-server-service + namespace: kubeflow + path: /validate-serving-kserve-io-v1beta1-inferenceservice + failurePolicy: Fail + name: inferenceservice.kserve-webhook-server.validator + rules: + - apiGroups: + - serving.kserve.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - inferenceservices + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/serving-cert + creationTimestamp: null + labels: + app: kserve + app.kubernetes.io/name: kserve + name: servingruntime.serving.kserve.io +webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: Cg== + service: + name: kserve-webhook-server-service + namespace: kubeflow + path: /validate-serving-kserve-io-v1alpha1-servingruntime + failurePolicy: Fail + name: servingruntime.kserve-webhook-server.validator + rules: + - apiGroups: + - serving.kserve.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - servingruntimes + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/serving-cert + creationTimestamp: null + labels: + app: kserve + app.kubernetes.io/name: kserve + name: trainedmodel.serving.kserve.io +webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: Cg== + service: + name: kserve-webhook-server-service + namespace: kubeflow + path: /validate-serving-kserve-io-v1alpha1-trainedmodel + failurePolicy: Fail + name: trainedmodel.kserve-webhook-server.validator + rules: + - apiGroups: + - serving.kserve.io + apiVersions: + - v1alpha1 + 
operations: + - CREATE + - UPDATE + resources: + - trainedmodels + sideEffects: None \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kserve/values_lint.yaml b/packs/kubeflow-1.9.1/charts/kserve/values_lint.yaml new file mode 100644 index 00000000..e69de29b diff --git a/packs/kubeflow-1.9.1/charts/kubeflow-0.5.1.tgz b/packs/kubeflow-1.9.1/charts/kubeflow-0.5.1.tgz new file mode 100644 index 00000000..0ad49be3 Binary files /dev/null and b/packs/kubeflow-1.9.1/charts/kubeflow-0.5.1.tgz differ diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/.helmignore b/packs/kubeflow-1.9.1/charts/kubeflow/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/Chart.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/Chart.yaml new file mode 100644 index 00000000..17a1b167 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/Chart.yaml 
@@ -0,0 +1,27 @@
+apiVersion: v2
+name: kubeflow
+description: A Helm chart for Kubeflow
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.5.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.9.1"
+maintainers:
+ - name: Kubeflow
+ url: https://github.com/kromanow94/kubeflow-manifests
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/files/pipelines-profile-controller/sync.py b/packs/kubeflow-1.9.1/charts/kubeflow/files/pipelines-profile-controller/sync.py
new file mode 100644
index 00000000..88caaa62
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/files/pipelines-profile-controller/sync.py
@@ -0,0 +1,425 @@
+# Copyright 2020-2021 The Kubeflow Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: this file probably needs some parametrization...
+
+from http.server import BaseHTTPRequestHandler, HTTPServer
+import json
+import os
+import base64
+
+
+def main():
+ settings = get_settings_from_env()
+ server = server_factory(**settings)
+ server.serve_forever()
+
+
+def get_settings_from_env(controller_port=None,
+ visualization_server_image=None, frontend_image=None,
+ visualization_server_tag=None, frontend_tag=None, disable_istio_sidecar=None,
+ minio_host=None, minio_access_key=None, minio_secret_key=None,
+ kfp_default_pipeline_root=None, metadata_grpc_service_host=None,
+ metadata_grpc_service_port=None, ml_pipeline_sa_principal=None):
+ """
+ Returns a dict of settings from environment variables relevant to the controller
+
+ Environment settings can be overridden by passing them here as arguments.
+
+ Settings are pulled from the all-caps version of the setting name. The
+ following defaults are used if those environment variables are not set
+ to enable backwards compatibility with previous versions of this script:
+ visualization_server_image: gcr.io/ml-pipeline/visualization-server
+ visualization_server_tag: value of KFP_VERSION environment variable
+ frontend_image: gcr.io/ml-pipeline/frontend
+ frontend_tag: value of KFP_VERSION environment variable
+ disable_istio_sidecar: Required (no default)
+ minio_host: Not required (no default)
+ minio_access_key: Required (no default)
+ minio_secret_key: Required (no default)
+ metadata_grpc_service_host: Required (no default)
+ metadata_grpc_service_port: Required (no default)
+ ml_pipeline_sa_principal: Required (no default)
+ """
+ settings = dict()
+ settings["controller_port"] = \
+ controller_port or \
+ os.environ.get("CONTROLLER_PORT", "8080")
+
+ settings["visualization_server_image"] = \
+ visualization_server_image or \
+ os.environ.get("VISUALIZATION_SERVER_IMAGE", "gcr.io/ml-pipeline/visualization-server")
+
+ settings["frontend_image"] = \
+ frontend_image or \
+ os.environ.get("FRONTEND_IMAGE", "gcr.io/ml-pipeline/frontend")
+
+ # Look for specific tags for each image first, falling back to
+ # previously used KFP_VERSION environment variable for backwards
+ # compatibility
+ settings["visualization_server_tag"] = \
+ visualization_server_tag or \
+ os.environ.get("VISUALIZATION_SERVER_TAG") or \
+ os.environ["KFP_VERSION"]
+
+ settings["frontend_tag"] = \
+ frontend_tag or \
+ os.environ.get("FRONTEND_TAG") or \
+ os.environ["KFP_VERSION"]
+
+ settings["disable_istio_sidecar"] = \
+ disable_istio_sidecar if disable_istio_sidecar is not None \
+ else os.environ.get("DISABLE_ISTIO_SIDECAR") == "true"
+
+ settings["minio_host"] = \
+ minio_host or \
+ os.environ.get("MINIO_HOST")
+
+ settings["minio_access_key"] = \
+ minio_access_key or \
+ base64.b64encode(bytes(os.environ.get("MINIO_ACCESS_KEY"), 'utf-8')).decode('utf-8')
+
+ settings["minio_secret_key"] = \
+ minio_secret_key or \
+ base64.b64encode(bytes(os.environ.get("MINIO_SECRET_KEY"), 'utf-8')).decode('utf-8')
+
+ # KFP_DEFAULT_PIPELINE_ROOT is optional
+ settings["kfp_default_pipeline_root"] = \
+ kfp_default_pipeline_root or \
+ os.environ.get("KFP_DEFAULT_PIPELINE_ROOT")
+
+ settings["metadata_grpc_service_host"] = \
+ metadata_grpc_service_host or \
+ os.environ.get("METADATA_GRPC_SERVICE_HOST")
+
+ settings["metadata_grpc_service_port"] = \
+ metadata_grpc_service_port or \
+ os.environ.get("METADATA_GRPC_SERVICE_PORT")
+
+ settings["ml_pipeline_sa_principal"] = \
+ ml_pipeline_sa_principal or \
+ os.environ.get("ML_PIPELINE_SA_PRINCIPAL")
+
+ return settings
+
+
+def server_factory(visualization_server_image,
+ visualization_server_tag, frontend_image, frontend_tag,
+ disable_istio_sidecar, minio_access_key, minio_secret_key,
+ minio_host=None, kfp_default_pipeline_root=None,
+ metadata_grpc_service_host=None, metadata_grpc_service_port=None,
+ ml_pipeline_sa_principal=None, url="", controller_port=8080):
+ """
+ Returns an HTTPServer populated with Handler with customized settings
+ """
+ class Controller(BaseHTTPRequestHandler):
+ def sync(self, parent, attachments):
+ # parent is a namespace
+ namespace = parent.get("metadata", {}).get("name")
+
+ pipeline_enabled = parent.get("metadata", {}).get(
+ "labels", {}).get("pipelines.kubeflow.org/enabled")
+
+ if pipeline_enabled != "true":
+ return {"status": {}, "attachments": []}
+
+ desired_configmap_count = 1
+ desired_resources = []
+ if kfp_default_pipeline_root:
+ desired_configmap_count = 2
+ desired_resources += [{
+ "apiVersion": "v1",
+ "kind": "ConfigMap",
+ "metadata": {
+ "name": "kfp-launcher",
+ "namespace": namespace,
+ },
+ "data": {
+ "defaultPipelineRoot": kfp_default_pipeline_root,
+ },
+ }]
+
+ # Compute status based on observed state.
+ desired_status = {
+ "kubeflow-pipelines-ready":
+ len(attachments["Secret.v1"]) == 1 and
+ len(attachments["ConfigMap.v1"]) == desired_configmap_count and
+ len(attachments["Deployment.apps/v1"]) == 2 and
+ len(attachments["Service.v1"]) == 2 and
+ len(attachments["DestinationRule.networking.istio.io/v1alpha3"]) == 1 and
+ len(attachments["AuthorizationPolicy.security.istio.io/v1beta1"]) == 1 and
+ "True" or "False"
+ }
+
+ # Generate the desired attachments object(s).
+ desired_resources += [
+ {
+ "apiVersion": "v1",
+ "kind": "ConfigMap",
+ "metadata": {
+ "name": "metadata-grpc-configmap",
+ "namespace": namespace,
+ },
+ "data": {
+ "METADATA_GRPC_SERVICE_HOST":
+ metadata_grpc_service_host,
+ "METADATA_GRPC_SERVICE_PORT":
+ metadata_grpc_service_port,
+ },
+ },
+ # Visualization server related manifests below
+ {
+ "apiVersion": "apps/v1",
+ "kind": "Deployment",
+ "metadata": {
+ "labels": {
+ "app": "ml-pipeline-visualizationserver"
+ },
+ "name": "ml-pipeline-visualizationserver",
+ "namespace": namespace,
+ },
+ "spec": {
+ "selector": {
+ "matchLabels": {
+ "app": "ml-pipeline-visualizationserver"
+ },
+ },
+ "template": {
+ "metadata": {
+ "labels": {
+ "app": "ml-pipeline-visualizationserver"
+ },
+ "annotations": disable_istio_sidecar and {
+ "sidecar.istio.io/inject": "false"
+ } or {},
+ },
+ "spec": {
+ "containers": [{
+ "image": f"{visualization_server_image}:{visualization_server_tag}",
+ "imagePullPolicy":
+ "IfNotPresent",
+ "name":
+ "ml-pipeline-visualizationserver",
+ "ports": [{
+ "containerPort": 8888
+ }],
+ "resources": {
+ "requests": {
+ "cpu": "50m",
+ "memory": "200Mi"
+ },
+ "limits": {
+ "cpu": "500m",
+ "memory": "1Gi"
+ },
+ }
+ }],
+ "serviceAccountName":
+ "default-editor",
+ },
+ },
+ },
+ },
+ {
+ "apiVersion": "networking.istio.io/v1alpha3",
+ "kind": "DestinationRule",
+ "metadata": {
+ "name": "ml-pipeline-visualizationserver",
+ "namespace": namespace,
+ },
+ "spec": {
+ "host": "ml-pipeline-visualizationserver",
+ "trafficPolicy": {
+ "tls": {
+ "mode": "ISTIO_MUTUAL"
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "security.istio.io/v1beta1",
+ "kind": "AuthorizationPolicy",
+ "metadata": {
+ "name": "ml-pipeline-visualizationserver",
+ "namespace": namespace,
+ },
+ "spec": {
+ "selector": {
+ "matchLabels": {
+ "app": "ml-pipeline-visualizationserver"
+ }
+ },
+ "rules": [{
+ "from": [{
+ "source": {
+ "principals": [ml_pipeline_sa_principal]
+ }
+ }]
+ }]
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Service",
+ "metadata": {
+ "name": "ml-pipeline-visualizationserver",
+ "namespace": namespace,
+ },
+ "spec": {
+ "ports": [{
+ "name": "http",
+ "port": 8888,
+ "protocol": "TCP",
+ "targetPort": 8888,
+ }],
+ "selector": {
+ "app": "ml-pipeline-visualizationserver",
+ },
+ },
+ },
+ # Artifact fetcher related resources below.
+ {
+ "apiVersion": "apps/v1",
+ "kind": "Deployment",
+ "metadata": {
+ "labels": {
+ "app": "ml-pipeline-ui-artifact"
+ },
+ "name": "ml-pipeline-ui-artifact",
+ "namespace": namespace,
+ },
+ "spec": {
+ "selector": {
+ "matchLabels": {
+ "app": "ml-pipeline-ui-artifact"
+ }
+ },
+ "template": {
+ "metadata": {
+ "labels": {
+ "app": "ml-pipeline-ui-artifact"
+ },
+ "annotations": disable_istio_sidecar and {
+ "sidecar.istio.io/inject": "false"
+ } or {},
+ },
+ "spec": {
+ "containers": [{
+ "name":
+ "ml-pipeline-ui-artifact",
+ "image": f"{frontend_image}:{frontend_tag}",
+ "imagePullPolicy":
+ "IfNotPresent",
+ "ports": [{
+ "containerPort": 3000
+ }],
+ "env": [
+ {
+ "name": "MINIO_HOST",
+ "value": minio_host,
+ },
+ {
+ "name": "MINIO_ACCESS_KEY",
+ "valueFrom": {
+ "secretKeyRef": {
+ "key": "accesskey",
+ "name": "mlpipeline-minio-artifact"
+ }
+ }
+ },
+ {
+ "name": "MINIO_SECRET_KEY",
+ "valueFrom": {
+ "secretKeyRef": {
+ "key": "secretkey",
+ "name": "mlpipeline-minio-artifact"
+ }
+ }
+ }
+ ],
+ "resources": {
+ "requests": {
+ "cpu": "10m",
+ "memory": "70Mi"
+ },
+ "limits": {
+ "cpu": "100m",
+ "memory": "500Mi"
+ },
+ }
+ }],
+ "serviceAccountName":
+ "default-editor"
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Service",
+ "metadata": {
+ "name": "ml-pipeline-ui-artifact",
+ "namespace": namespace,
+ "labels": {
+ "app": "ml-pipeline-ui-artifact"
+ }
+ },
+ "spec": {
+ "ports": [{
+ "name":
+ "http", # name is required to let istio understand request protocol
+ "port": 80,
+ "protocol": "TCP",
+ "targetPort": 3000
+ }],
+ "selector": {
+ "app": "ml-pipeline-ui-artifact"
+ }
+ }
+ },
+ ]
+ print('Received request:\n', json.dumps(parent, sort_keys=True))
+ print('Desired resources except secrets:\n', json.dumps(desired_resources, sort_keys=True))
+ # Moved after the print argument because this is sensitive data.
+ desired_resources.append({
+ "apiVersion": "v1",
+ "kind": "Secret",
+ "metadata": {
+ "name": "mlpipeline-minio-artifact",
+ "namespace": namespace,
+ },
+ "data": {
+ "accesskey": minio_access_key,
+ "secretkey": minio_secret_key,
+ },
+ })
+
+ return {"status": desired_status, "attachments": desired_resources}
+
+ def do_POST(self):
+ # Serve the sync() function as a JSON webhook.
+ observed = json.loads(
+ self.rfile.read(int(self.headers.get("content-length"))))
+ desired = self.sync(observed["object"], observed["attachments"])
+
+ self.send_response(200)
+ self.send_header("Content-type", "application/json")
+ self.end_headers()
+ self.wfile.write(bytes(json.dumps(desired), 'utf-8'))
+
+ return HTTPServer((url, int(controller_port)), Controller)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/mlpipeline-minio-artifact.txt b/packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/mlpipeline-minio-artifact.txt
new file mode 100644
index 00000000..a81fc402
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/mlpipeline-minio-artifact.txt
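Review bot: `do_POST` returns the result of `sync()` to whoever sends the POST, and that result ends with the `mlpipeline-minio-artifact` Secret holding `minio_access_key` and `minio_secret_key`; nothing in this file authenticates the caller, and `server_factory` defaults `url=""`, so `HTTPServer` listens on every interface over plain HTTP. Keeping the Secret out of the two `print` calls does not help here because the credentials still leave in the response body, so the listener should be reachable only by the controller that invokes this webhook (a NetworkPolicy or mesh policy elsewhere in the chart may already do that; this hunk does not show it). Inside the handler, `int(self.headers.get("content-length"))` raises on a missing or non-numeric header and puts no bound on the read, and I would validate and cap the length and answer 400/413 as sketched below. `get_settings_from_env` has a related gap: settings its docstring marks "Required" are read with `os.environ.get`, so an unset `ML_PIPELINE_SA_PRINCIPAL` ends up as a null entry in the AuthorizationPolicy `principals` list instead of failing at start-up.

```python
        def do_POST(self):
            # Serve the sync() function as a JSON webhook.
            raw_length = self.headers.get("content-length")
            if raw_length is None or not raw_length.isdigit():
                self.send_error(400, "missing or invalid Content-Length")
                return
            length = int(raw_length)
            if length > MAX_BODY_BYTES:  # module-level limit; value to be chosen by the maintainers
                self.send_error(413)
                return
            observed = json.loads(self.rfile.read(length))
            # … unchanged: sync() call and JSON response …
```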
@@ -0,0 +1,12 @@
+Kubeflow Pipelines requires the Object Store K8s Secret name to be 'mlpipeline-minio-artifact'.
+This is because the K8s Secret Name and Secret Keys are hardcoded:
+* <=2.1.0:
+ https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L292
+* >=2.2.0 (state as of 2nd May 2024)
+ https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L39
+
+If the Secret Name is not provided in any of the following fields, the Secret
+'mlpipeline-minio-artifact' will be created with the provided plaintext values:
+* .Values.pipelines.config.objectStore.existingSecretName
+* .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name
+* .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/objectstore-accesskey-secretaccesskey-secret-ref.txt b/packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/objectstore-accesskey-secretaccesskey-secret-ref.txt
new file mode 100644
index 00000000..46d7198e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/objectstore-accesskey-secretaccesskey-secret-ref.txt
@@ -0,0 +1,3 @@
+Both of the following values must be either nil or 'mlpipeline-minio-artifact' at the same time:
+* .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name
+* .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_NOTES.txt b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_NOTES.txt
new file mode 100644
index 00000000..8029e06b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "kubeflow.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "kubeflow.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "kubeflow.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubeflow.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_deployment.yaml
new file mode 100644
index 00000000..48b618f6
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_deployment.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "kubeflow.fullname" . }}
+ labels:
+ {{- include "kubeflow.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "kubeflow.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "kubeflow.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "kubeflow.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/_helpers.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/_helpers.tpl
new file mode 100644
index 00000000..2765e201
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/_helpers.tpl
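Review bot: This template includes `kubeflow.labels`, `kubeflow.selectorLabels` and `kubeflow.serviceAccountName`, none of which is defined in the `_helpers.tpl` added by this commit (it defines `kubeflow.common.labels` and `kubeflow.common.selectorLabels` instead), so it would fail to render if it were ever activated; other helper files are not all visible here. Helm does not render files whose names start with an underscore as manifests, so this file and `_NOTES.txt` look like inactive `helm create` scaffolding. If they are kept for reference, a first line such as `{{/* Unused scaffold: not rendered because of the leading underscore. */}}` would make that explicit and keep a later rename from shipping an unreviewed Deployment; otherwise dropping both files is simpler.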
@@ -0,0 +1,398 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "kubeflow.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kubeflow.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kubeflow.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kubeflow.common.labels" -}} +helm.sh/chart: {{ include "kubeflow.chart" . }} +{{ include "kubeflow.common.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Common selector labels +*/}} +{{- define "kubeflow.common.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kubeflow.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Indicates if Kubeflow is deployed in cluster mode. +*/}} +{{- define "kubeflow.deploymentMode.cluster" -}} +{{- ternary true "" (eq .Values.deploymentMode "cluster") -}} +{{- end }} + +{{/* +Indicates if Kubeflow is deployed in namespace mode. +TODO: use ternary for other conditionals. 
+*/}} +{{- define "kubeflow.deploymentMode.namespace" -}} +{{- ternary true "" (eq .Values.deploymentMode "namespace") -}} +{{- end }} + +{{- define "kubeflow.isMultiuser" -}} +{{- ternary "true" "false" (include "kubeflow.deploymentMode.cluster" . | eq "true") -}} +{{- end }} + +{{- define "kubeflow.deploymentMode.scopedRoleBindingKind" -}} +{{- ternary "ClusterRoleBinding" "RoleBinding" (include "kubeflow.deploymentMode.cluster" . | eq "true") -}} +{{- end }} + +{{- define "kubeflow.deploymentMode.scopedRoleKind" -}} +{{- ternary "ClusterRole" "Role" (include "kubeflow.deploymentMode.cluster" . | eq "true") -}} +{{- end }} + +{{/* +Indicates if should integrate with cert-manager. +*/}} +{{- define "kubeflow.certManagerIntegration.enabled" -}} +{{- ternary true "" .Values.certManagerIntegration.enabled -}} +{{- end }} + +{{/* +Kubeflow Component Names. + +Changing this function will reflect on all component and subcomponent names. +*/}} +{{- define "kubeflow.component.name" -}} +{{- $componentName := index . 0 -}} +{{- $context := index . 1 -}} +{{- $componentName }} +{{- end }} + + +{{/* +Component specific labels +*/}} +{{- define "kubeflow.component.labels" -}} +{{ include "kubeflow.component.selectorLabels" . }} +{{- end }} + +{{/* +Component specific selector labels +*/}} +{{- define "kubeflow.component.selectorLabels" -}} +app.kubernetes.io/component: {{ . }} +{{- end }} + +{{/* +subcomponent specific labels +*/}} +{{- define "kubeflow.component.subcomponent.labels" -}} +{{ include "kubeflow.component.subcomponent.selectorLabels" . }} +{{- end }} + +{{/* +subcomponent specific selector labels +*/}} +{{- define "kubeflow.component.subcomponent.selectorLabels" -}} +app.kubernetes.io/subcomponent: {{ . }} +{{- end }} + +{{/* +Role and ClusterRole aggregation rule labels +*/}} +{{- define "kubeflow.aggregationRule.labelBase" -}} +{{- $labelPrefix := "rbac.authorization.kubeflow.org/aggregate-to" -}} +{{- $roleName := . 
-}} +{{- printf "%s-%s: \"%s\"" + $labelPrefix + $roleName + "true" + -}} +{{- end -}} + +{{/* +Component Service. +*/}} +{{- define "kubeflow.component.svc.name" -}} +{{- $componentName := . -}} +{{ print $componentName }} +{{- end }} + +{{- define "kubeflow.component.svc.addressWithNs" -}} +{{- $ctx := index . 0 -}} +{{- $componentName := index . 1 -}} +{{ printf "%s.%s" + $componentName + (include "kubeflow.namespace" $ctx) +}} +{{- end }} + +{{- define "kubeflow.component.svc.addressWithSvc" -}} +{{- $ctx := index . 0 -}} +{{- $componentName := index . 1 -}} +{{ printf "%s.%s.svc" + $componentName + (include "kubeflow.namespace" $ctx) +}} +{{- end }} + +{{- define "kubeflow.component.svc.fqdn" -}} +{{- $ctx := index . 0 -}} +{{- $componentName := index . 1 -}} +{{ printf "%s.%s.svc.%s" + $componentName + (include "kubeflow.namespace" $ctx) + $ctx.Values.clusterDomain +}} +{{- end }} + +{{/* +Namespace for all resources to be installed into +If not defined in values file then the helm release namespace is used +By default this is not set so the helm release namespace will be used + +This gets around an problem within helm discussed here +https://github.com/helm/helm/issues/5358 +{{- default .Values.namespace .Release.Namespace }} +*/}} +{{- define "kubeflow.namespace" -}} +{{- default .Release.Namespace .Values.namespace }} +{{- end -}} + + +{{- define "kubeflow.component.autoscaling.enabled" -}} +{{- $defaultAutoscaling := index . 0 -}} +{{- $componentAutoscaling := index . 1 -}} +{{- if $componentAutoscaling -}} + {{- if eq nil $componentAutoscaling.enabled -}} + {{- $defaultAutoscaling.enabled }} + {{- else -}} + {{- $componentAutoscaling.enabled }} + {{- end -}} +{{- else -}} + {{- $defaultAutoscaling.enabled }} +{{- end -}} +{{- end }} + + +{{- define "kubeflow.component.autoscaling.minReplicas" -}} +{{- $defaultAutoscaling := index . 0 -}} +{{- $componentAutoscaling := index . 
1 -}} +{{- if $componentAutoscaling -}} + {{- default $defaultAutoscaling.minReplicas $componentAutoscaling.minReplicas }} +{{- else -}} + {{- $defaultAutoscaling.minReplicas }} +{{- end -}} +{{- end }} + +{{- define "kubeflow.component.autoscaling.maxReplicas" -}} +{{- $defaultAutoscaling := index . 0 -}} +{{- $componentAutoscaling := index . 1 -}} +{{- if $componentAutoscaling -}} + {{- default $defaultAutoscaling.maxReplicas $componentAutoscaling.maxReplicas }} +{{- else -}} + {{- $defaultAutoscaling.maxReplicas }} +{{- end -}} +{{- end }} + +{{- define "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" -}} +{{- $defaultAutoscaling := index . 0 -}} +{{- $componentAutoscaling := index . 1 -}} +{{- if $componentAutoscaling -}} + {{- default $defaultAutoscaling.targetCPUUtilizationPercentage $componentAutoscaling.targetCPUUtilizationPercentage }} +{{- else -}} + {{- $defaultAutoscaling.targetCPUUtilizationPercentage }} +{{- end -}} +{{- end }} + +{{- define "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" -}} +{{- $defaultAutoscaling := index . 0 -}} +{{- $componentAutoscaling := index . 1 -}} +{{- if $componentAutoscaling -}} + {{- default $defaultAutoscaling.targetMemoryUtilizationPercentage $componentAutoscaling.targetMemoryUtilizationPercentage }} +{{- else -}} + {{- $defaultAutoscaling.targetMemoryUtilizationPercentage }} +{{- end -}} +{{- end }} + + +{{- define "kubeflow.component.image" -}} +{{- $default := index . 0 -}} +{{- $component := index . 1 -}} +{{- $registry := default $default.registry $component.registryOverwrite -}} +{{- $repository := $component.repository -}} +{{- $tag := $component.tag -}} +{{- printf "%s/%s:%s" $registry $repository $tag }} +{{- end }} + +{{- define "kubeflow.component.imagePullPolicy" -}} +{{- $default := index . 0 -}} +{{- $component := index . 
1 -}} +{{- $imagePullPolicy := default $default.pullPolicy $component.pullPolicyOverwrite -}} +{{- $imagePullPolicy }} +{{- end }} + +{{- define "kubeflow.component.serviceAccountName" -}} +{{- $componentName := index . 0 -}} +{{- $componentSA := index . 1 -}} +{{- if $componentSA.create }} + {{- default $componentName $componentSA.name }} +{{- else }} + {{- default "default" $componentSA.name -}} +{{- end }} +{{- end }} + +{{- define "kubeflow.component.serviceAccountPrincipal" -}} +{{- $ctx := index . 0 -}} +{{- $saName := index . 1 -}} +{{- printf "%s/ns/%s/sa/%s" + $ctx.Values.clusterDomain + (include "kubeflow.namespace" $ctx) + $saName +}} +{{- end }} + +{{- define "kubeflow.component.authorizationPolicyExtAuthName" -}} +{{- $componentName := index . 0 -}} +{{- $istioIntegration := index . 1 -}} +{{- $providerName := $istioIntegration.envoyExtAuthzHttpExtensionProviderName -}} +{{ printf "%s-%s" $componentName $providerName }} +{{- end }} + +{{/* +Kubeflow Component Security Context. +*/}} +{{- define "kubeflow.component.containerSecurityContext" -}} +{{- $defaultContext := index . 0 -}} +{{- $componentContext := index . 1 -}} +{{- if $componentContext -}} + {{- toYaml $componentContext }} +{{- else if $defaultContext -}} + {{- toYaml $defaultContext }} +{{- end }} +{{- end }} + +{{/* +Kubeflow Component Scheduling. + +TODO: investigate if this can be simply used like: +{{- include "mychart.affinity" . | nindent 8 }} +{{- include "mychart.nodeSelector" . | nindent 8 }} +{{- include "mychart.tolerations" . | nindent 8 }} +{{- include "mychart.topologySpreadConstraints" . | nindent 8 }} +https://chat.openai.com/share/c66d86ba-3b98-4942-a605-56b98889a313 +*/}} +{{- define "kubeflow.component.topologySpreadConstraints" -}} +{{- $defaultConstraints := index . 0 -}} +{{- $componentConstraints := index . 
1 -}} +{{- if $componentConstraints -}} + {{- toYaml $componentConstraints }} +{{- else if $defaultConstraints -}} + {{- toYaml $defaultConstraints }} +{{- end }} +{{- end }} + +{{- define "kubeflow.component.nodeSelector" -}} +{{- $defaultNodeSelector := index . 0 -}} +{{- $componentNodeSelector := index . 1 -}} +{{- if $componentNodeSelector -}} + {{- toYaml $componentNodeSelector }} +{{- else if $defaultNodeSelector -}} + {{- toYaml $defaultNodeSelector }} +{{- end }} +{{- end }} + +{{- define "kubeflow.component.tolerations" -}} +{{- $defaultTolerations := index . 0 -}} +{{- $componentTolerations := index . 1 -}} +{{- if $componentTolerations -}} + {{- toYaml $componentTolerations }} +{{- else if $defaultTolerations -}} + {{- toYaml $defaultTolerations }} +{{- end }} +{{- end }} + +{{- define "kubeflow.component.affinity" -}} +{{- $defaultAffinity := index . 0 -}} +{{- $componentAffinity := index . 1 -}} +{{- if $componentAffinity -}} + {{- toYaml $componentAffinity }} +{{- else if $defaultAffinity -}} + {{- toYaml $defaultAffinity }} +{{- end }} +{{- end }} + +{{- define "kubeflow.component.terminationGracePeriodSeconds" -}} +{{- $defaultTerminationGracePeriodSeconds := index . 0 -}} +{{- $componentTerminationGracePeriodSeconds := index . 1 -}} +{{- if $componentTerminationGracePeriodSeconds -}} + {{- toYaml $componentTerminationGracePeriodSeconds }} +{{- else if $defaultTerminationGracePeriodSeconds -}} + {{- toYaml $defaultTerminationGracePeriodSeconds }} +{{- end }} +{{- end }} + +{{- define "kubeflow.component.pdb.create" -}} +{{- $componentEnabled := index . 0 -}} +{{- $defaultPDB := index . 1 -}} +{{- $componentPDB := index . 2 -}} +{{- and + (or $defaultPDB $componentPDB) + ($componentEnabled | eq "true") +}} +{{- end }} + +{{- define "kubeflow.component.pdb.values" -}} +{{- $defaultPDB := index . 0 -}} +{{- $componentPDB := index . 
1 -}} +{{ toYaml (default $defaultPDB $componentPDB) }} +{{- end }} + +{{/* +Environment Entries parametrization with plaintext value +or through Secrets. +*/}} +{{- define "kubeflow.component.env.spec" -}} +{{- $envName := index . 0 -}} +{{- $defaultSecretName := index . 1 -}} +{{- $entryConfig := index . 2 -}} +{{- $secretName := default $defaultSecretName $entryConfig.secretKeyRef.name -}} +{{- $secretKey := $entryConfig.secretKeyRef.key -}} +{{- $entryValue := $entryConfig.value -}} +- name: {{ $envName }} + {{- if $secretName }} + valueFrom: + secretKeyRef: + name: {{ $secretName }} + key: {{ $secretKey }} + {{- else }} + value: {{ $entryValue | quote }} + {{- end }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.admissionWebhook.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.admissionWebhook.tpl new file mode 100644 index 00000000..f765184d --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.admissionWebhook.tpl 
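Review bot: `kubeflow.component.env.spec` falls back to a literal `value:` whenever neither `$defaultSecretName` nor `secretKeyRef.name` is set, which places the setting in the pod spec and the stored release instead of a Secret; the helper's comment should say that this branch is for non-sensitive values, e.g. `Callers that pass credentials must supply a default secret name so the plaintext branch is never taken.` In the secret branch `key: {{ $secretKey }}` is emitted unchecked, so a missing `secretKeyRef.key` renders an empty key that is caught only after rendering; `key: {{ required (printf "%s: secretKeyRef.key is required" $envName) $secretKey | quote }}` fails at render time instead. `$entryConfig.secretKeyRef.name` also assumes `secretKeyRef` is always present in the values, which cannot be confirmed from this hunk.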
@@ -0,0 +1,301 @@ +{{/* +Kubeflow Admission Webhook object names. +*/}} +{{- define "kubeflow.admissionWebhook.baseName" -}} +{{- printf "admission-webhook" }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.admissionWebhook.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.admissionWebhook.name" .) + .Values.admissionWebhook.serviceAccount +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.tlsCertSecretName" -}} +{{ printf "%s-%s" (include "kubeflow.admissionWebhook.name" .) "tls-certs" }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.certIssuerName" -}} +{{ printf "%s-%s" (include "kubeflow.admissionWebhook.name" .) "selfsigned-issuer" }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.certName" -}} +{{ printf "%s-%s" (include "kubeflow.admissionWebhook.name" .) "cert" }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.webhookName" -}} +{{ print (include "kubeflow.admissionWebhook.name" .) }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.mainClusterRoleName" -}} +{{- printf "%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.admissionWebhook.name" .) +}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.mainClusterRoleBindingName" -}} +{{- include "kubeflow.admissionWebhook.mainClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.kfPdAdminName" -}} +{{- printf "poddefaults-admin" }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.kfPdEditName" -}} +{{- printf "poddefaults-edit" }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.kfPdViewName" -}} +{{- printf "poddefaults-view" }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.kfPdAdminClusterRoleName" -}} +{{- printf "%s-%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.admissionWebhook.name" .) 
(include "kubeflow.admissionWebhook.kfPdAdminName" .) }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.kfPdEditClusterRoleName" -}} +{{- printf "%s-%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.admissionWebhook.name" .) (include "kubeflow.admissionWebhook.kfPdEditName" .) }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.kfPdViewClusterRoleName" -}} +{{- printf "%s-%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.admissionWebhook.name" .) (include "kubeflow.admissionWebhook.kfPdViewName" .) }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.kfPdAdminClusterRoleLabelName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.admissionWebhook.kfPdAdminName" .) }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.kfPdEditClusterRoleLabelName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.admissionWebhook.kfPdEditName" .) }} +{{- end }} + +{{/* +Role Aggregation Rule Labels +*/}} +{{- define "kubeflow.admissionWebhook.kfPdAdminClusterRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.admissionWebhook.kfPdAdminClusterRoleLabelName" .) -}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.kfPdEditClusterRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.admissionWebhook.kfPdEditClusterRoleLabelName" .) -}} +{{- end }} + +{{/* +Kubeflow Admission Webhook Service. +*/}} +{{- define "kubeflow.admissionWebhook.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.admissionWebhook.name" . +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.admissionWebhook.name" .) +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.admissionWebhook.name" .) 
+)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.admissionWebhook.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Admission Webhook object labels. +*/}} +{{- define "kubeflow.admissionWebhook.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.admissionWebhook.name" .) }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.admissionWebhook.name" .) }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.partOfLabel" -}} +app.kubernetes.io/part-of: kubeflow-profile +{{- end }} + +{{/* +Kubeflow Admission Webhook container image settings. +*/}} +{{- define "kubeflow.admissionWebhook.image" -}} +{{ include "kubeflow.component.image" ( + list + .Values.defaults.image + .Values.admissionWebhook.image +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" ( + list + .Values.defaults.image + .Values.admissionWebhook.image +)}} +{{- end }} + +{{/* +Kubeflow Admission Webhook Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.admissionWebhook.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" ( + list + .Values.defaults.autoscaling + .Values.admissionWebhook.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" ( + list + .Values.defaults.autoscaling + .Values.admissionWebhook.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.admissionWebhook.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.admissionWebhook.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.admissionWebhook.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Admission Webhook Security Context. +*/}} +{{- define "kubeflow.admissionWebhook.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.admissionWebhook.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Admission Webhook Scheduling. 
+*/}} +{{- define "kubeflow.admissionWebhook.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.admissionWebhook.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.admissionWebhook.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.admissionWebhook.tolerations +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.admissionWebhook.affinity +)}} +{{- end }} + +{{/* +Kubeflow Admission Webhook enable and create toggles. +*/}} +{{- define "kubeflow.admissionWebhook.enabled" -}} +{{- .Values.admissionWebhook.enabled }} +{{- end }} + +{{- define "kubeflow.admissionWebhook.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" ( + list + .Values.defaults.autoscaling + .Values.admissionWebhook.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.admissionWebhook.enabled" . | eq "true") + .Values.admissionWebhook.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.admissionWebhook.enabled" . | eq "true") + .Values.admissionWebhook.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.admissionWebhook.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.admissionWebhook.enabled" .) + .Values.defaults.podDisruptionBudget + .Values.admissionWebhook.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Admission Webhook certificate manager. 
+*/}} +{{- define "kubeflow.admissionWebhook.enabledWithCertManager" -}} +{{- ternary true "" ( + and + (include "kubeflow.admissionWebhook.enabled" . | eq "true" ) + (include "kubeflow.certManagerIntegration.enabled" . | eq "true" ) +)}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.centraldashboard.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.centraldashboard.tpl new file mode 100644 index 00000000..47c4e880 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.centraldashboard.tpl 
@@ -0,0 +1,221 @@
+{{/*
+Kubeflow Centraldashboard object names.
+*/}}
+{{- define "kubeflow.centraldashboard.baseName" -}}
+{{- printf "centraldashboard" }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.name" -}}
+{{- include "kubeflow.component.name" (
+ list
+ (include "kubeflow.centraldashboard.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName" (
+ list
+ (include "kubeflow.centraldashboard.name" .)
+ .Values.centraldashboard.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.roleName" -}}
+{{- include "kubeflow.centraldashboard.name" . }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.roleBindingName" -}}
+{{- include "kubeflow.centraldashboard.name" . }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.clusterRoleName" -}}
+{{- include "kubeflow.centraldashboard.name" . }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.clusterRoleBindingName" -}}
+{{- include "kubeflow.centraldashboard.name" . }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.config.name" -}}
+{{ printf "%s-config" (include "kubeflow.centraldashboard.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.authorizationPolicyExtAuthName" -}}
+{{ include "kubeflow.component.authorizationPolicyExtAuthName" (
+ list
+ (include "kubeflow.centraldashboard.name" .)
+ .Values.istioIntegration
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard Service.
+*/}}
+{{- define "kubeflow.centraldashboard.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+ include "kubeflow.centraldashboard.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs" (
+ list
+ .
+ (include "kubeflow.centraldashboard.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc" (
+ list
+ .
+ (include "kubeflow.centraldashboard.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn" (
+ list
+ .
+ (include "kubeflow.centraldashboard.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard object labels.
+*/}}
+{{- define "kubeflow.centraldashboard.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.centraldashboard.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.centraldashboard.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard container image settings.
+*/}}
+{{- define "kubeflow.centraldashboard.image" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.centraldashboard.image) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.centraldashboard.image) }}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.centraldashboard.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.centraldashboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.centraldashboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.centraldashboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.centraldashboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.centraldashboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+ list
+ .Values.defaults.podDisruptionBudget
+ .Values.centraldashboard.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard Security Context.
+*/}}
+{{- define "kubeflow.centraldashboard.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+ list
+ .Values.defaults.containerSecurityContext
+ .Values.centraldashboard.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard Scheduling.
+*/}}
+{{- define "kubeflow.centraldashboard.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+ list
+ .Values.defaults.topologySpreadConstraints
+ .Values.centraldashboard.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+ list
+ .Values.defaults.nodeSelector
+ .Values.centraldashboard.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+ list
+ .Values.defaults.tolerations
+ .Values.centraldashboard.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+ list
+ .Values.defaults.affinity
+ .Values.centraldashboard.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard enable and create toggles.
+*/}}
+{{- define "kubeflow.centraldashboard.enabled" -}}
+{{- .Values.centraldashboard.enabled }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+ and
+ (include "kubeflow.centraldashboard.enabled" . | eq "true")
+ .Values.istioIntegration.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.rbac.createRoles" -}}
+{{- and
+ (include "kubeflow.centraldashboard.enabled" . | eq "true")
+ .Values.centraldashboard.rbac.create }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.createServiceAccount" -}}
+{{- and
+ (include "kubeflow.centraldashboard.enabled" . | eq "true")
+ .Values.centraldashboard.serviceAccount.create
+}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+ list
+ (include "kubeflow.centraldashboard.enabled" .)
+ .Values.defaults.podDisruptionBudget
+ .Values.centraldashboard.podDisruptionBudget
+)}}
+{{- end }}
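Review bot: `kubeflow.centraldashboard.rbac.createRoles` and `kubeflow.centraldashboard.createServiceAccount` return the bare result of `and`, so a disabled component renders the non-empty string `false`, while the admission-webhook equivalents wrap the same expression in `ternary true ""`. `include` always yields a string, so a caller written as `{{- if include "kubeflow.centraldashboard.rbac.createRoles" . }}` would still create the RBAC objects and ServiceAccount with the component switched off; callers that compare with `eq "true"` are unaffected, and the callers are not visible in this hunk. Wrapping both as `{{- ternary true "" (and (include "kubeflow.centraldashboard.enabled" . | eq "true") .Values.centraldashboard.rbac.create) }}` makes them safe under either calling style. `kubeflow.component.pdb.create` in `_helpers.tpl` and `kubeflow.dexIntegration.enabled` in the next file have the same shape.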
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.dexIntegration.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.dexIntegration.tpl
new file mode 100644
index 00000000..0121a79e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.dexIntegration.tpl
@@ -0,0 +1,61 @@
+{{/*
+Dex Integration object names.
+*/}}
+{{- define "kubeflow.dexIntegration.baseName" -}}
+{{- printf "dex" }}
+{{- end }}
+
+{{- define "kubeflow.dexIntegration.name" -}}
+{{- include "kubeflow.component.name" (
+ list
+ (include "kubeflow.dexIntegration.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{/*
+Dex Service.
+*/}}
+{{- define "kubeflow.dexIntegration.svc.fqdn" -}}
+{{ printf "%s.%s.svc.%s"
+ .Values.dexIntegration.svc.name
+ .Values.dexIntegration.svc.namespace
+ .Values.clusterDomain
+}}
+{{- end }}
+
+{{/*
+Dex Integration object labels.
+*/}}
+{{- define "kubeflow.dexIntegration.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.dexIntegration.name" .) }}
+{{- end }}
+
+{{/*
+Dex Integration enable and create toggles.
+*/}}
+{{- define "kubeflow.dexIntegration.enabled" -}}
+{{- or
+ (
+ and
+ (eq .Values.dexIntegration.integrationMode "istio")
+ .Values.istioIntegration.enabled
+ .Values.dexIntegration.enabled
+ )
+ (
+ and
+ (eq .Values.dexIntegration.integrationMode "ingress")
+ .Values.dexIntegration.enabled
+ )
+}}
+{{- end }}
+
+
+{{- define "kubeflow.dexIntegration.istio.enabled" -}}
+{{- ternary true "" (
+ and
+ (include "kubeflow.dexIntegration.enabled" . | eq "true")
+ .Values.istioIntegration.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istio.authorizationPolicy.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istio.authorizationPolicy.tpl
new file mode 100644
index 00000000..1f8ffe44
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istio.authorizationPolicy.tpl
@@ -0,0 +1,14 @@
+{{ define "istio.authorizationPolicy" }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: "{{ .name }}"
+ namespace: "{{ .namespace }}"
+spec:
+ action: "{{ default "ALLOW" .action }}"
+ rules:
+ - {}
+ selector:
+ matchLabels:
+ {{- toYaml .labels | nindent 6 -}}
+{{- end}}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istioIntegration.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istioIntegration.tpl
new file mode 100644
index 00000000..394f5696
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istioIntegration.tpl
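Review bot: `istio.authorizationPolicy` hard-codes `rules: - {}`, which matches every request, so with the default `ALLOW` action each policy rendered from it admits all traffic to the selected workloads; the template should carry a comment saying so, e.g. `{{/* Match-all policy: allows (or, with .action, denies) every request to workloads matching .labels. */}}`. The selector is rendered from `.labels` without a check, and an AuthorizationPolicy without an effective selector applies to every workload in its namespace. Using `{{- toYaml (required "istio.authorizationPolicy: .labels must be set" .labels) | nindent 6 -}}` fails the render instead of silently widening the policy.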
@@ -0,0 +1,133 @@
+{{/*
+Istio Integration object names.
+*/}}
+
+{{- define "kubeflow.istioIntegration.baseName" -}}
+{{- print "istio-integration" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.name" -}}
+{{- include "kubeflow.component.name" (
+ list
+ (include "kubeflow.istioIntegration.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.istioAdminRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "istio-admin" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.istioEditRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "istio-edit" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.istioViewRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "istio-view" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.m2m.requestAuthenticationName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "m2m" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.m2m.selfSigned.jobName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "configure-self-signed-m2m" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.m2m.selfSigned.inClusterClusterRoleBindingName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "unauthenticated-oidc-viewer" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.userAuth.requestAuthenticationName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "user-auth" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.extAuth.authorizationPolicyName" -}}
+{{- printf "%s-ext-auth-%s"
+ (include "kubeflow.fullname" .)
+ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName
+}}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.jwtRequire.authorizationPolicyName" -}}
+{{- printf "%s-jwt-require"
+ (include "kubeflow.fullname" .)
+}} +{{- end }} + +{{/* +Role Aggregation Rule Labels +*/}} +{{- define "kubeflow.istioIntegration.istioAdminRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.istioIntegration.istioAdminRoleName" .) -}} +{{- end }} + +{{/* +Istio Integration object labels. +*/}} +{{- define "kubeflow.istioIntegration.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.istioIntegration.name" .) }} +{{- end }} + +{{/* +Istio Integration enable and create toggles. +*/}} +{{- define "kubeflow.istioIntegration.enabled" -}} +{{- .Values.istioIntegration.enabled }} +{{- end }} + +{{- define "kubeflow.istioIntegration.m2m.enabled" -}} +{{- and + (include "kubeflow.istioIntegration.enabled" . | eq "true" ) + .Values.istioIntegration.m2m.enabled +}} +{{- end }} + +{{- define "kubeflow.istioIntegration.m2m.selfSigned.autoJwksDiscovery" -}} +{{- and + (include "kubeflow.istioIntegration.enabled" . | eq "true" ) + .Values.istioIntegration.m2m.selfSigned.autoJwksDiscovery +}} +{{- end }} + +{{- define "kubeflow.istioIntegration.authorizationMode.granular" -}} +{{- ternary true "" (eq .Values.istioIntegration.authorizationMode "granular") -}} +{{- end }} + +{{- define "kubeflow.istioIntegration.authorizationMode.ingressgateway" -}} +{{- ternary true "" (eq .Values.istioIntegration.authorizationMode "ingressgateway") -}} +{{- end }} + +{{- define "kubeflow.istioIntegration.istioIngressGateway.serviceAccountPrincipal" -}} +{{- printf "%s/ns/%s/sa/%s" + .Values.clusterDomain + .Values.istioIntegration.ingressGatewayNamespace + .Values.istioIntegration.ingressGatewayServiceAccountName +}} +{{- end }} + +{{- define "kubeflow.istioIntegration.kubeflowJwksProxy.name" -}} +{{- printf "%s-jwks-proxy" + (include "kubeflow.fullname" .) +}} +{{- end -}} + +{{- define "kubeflow.istioIntegration.kubeflowJwksProxy.labels" -}} +app.kubernetes.io/name: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . 
}} +{{- end -}} + +{{- define "kubeflow.istioIntegration.kubeflowJwksProxy.namespace" -}} +{{ include "kubeflow.namespace" . }} +{{- end -}} + +{{- define "kubeflow.istioIntegration.jwksUri" -}} +http://{{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . }}.{{ include "kubeflow.istioIntegration.kubeflowJwksProxy.namespace" . }}.svc.cluster.local/openid/v1/jwks +{{- end -}} + +{{- define "kubeflow.istioIntegration.kubeflowJwksProxy.enabled" -}} +{{- and + (include "kubeflow.istioIntegration.enabled" . | eq "true" ) + .Values.istioIntegration.kubeflowJwksProxy.enabled +}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.controller.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.controller.tpl new file mode 100644 index 00000000..cb70ec8a --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.controller.tpl 
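Review bot: `kubeflow.istioIntegration.jwksUri` hard-codes both `http://` and the `svc.cluster.local` suffix, whereas `kubeflow.dexIntegration.svc.fqdn` and the ingress-gateway principal helper in this same hunk take the domain from `.Values.clusterDomain`. On a cluster with a different DNS domain the URI will not resolve, and because this is where the keys that validate JWTs are fetched from, a plain-HTTP fetch is only as trustworthy as the in-cluster network path (mesh mTLS may cover it, which this hunk does not show). I would build it as `http://{{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . }}.{{ include "kubeflow.istioIntegration.kubeflowJwksProxy.namespace" . }}.svc.{{ .Values.clusterDomain }}/openid/v1/jwks` and state the transport assumption in a comment above the define. `kubeflow.istioIntegration.istioIngressGateway.serviceAccountPrincipal` also uses `.Values.clusterDomain` as the principal's trust domain, which is worth confirming because Istio's trust domain is configured separately from the DNS domain.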
@@ -0,0 +1,332 @@ +{{/* +Kubeflow Katib Controller object names. +*/}} +{{- define "kubeflow.katib.controller.baseName" -}} +{{- printf "katib-controller" }} +{{- end }} + +{{- define "kubeflow.katib.controller.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.katib.controller.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.katib.controller.name" .) + .Values.katib.controller.serviceAccount +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.serviceAccountPrincipal" -}} +{{- include "kubeflow.component.serviceAccountPrincipal" ( + list + . + (include "kubeflow.katib.controller.serviceAccountName" .) +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.mainClusterRoleName" -}} +{{- include "kubeflow.katib.controller.name" . }} +{{- end }} + +{{- define "kubeflow.katib.controller.mainClusterRoleBindingName" -}} +{{- include "kubeflow.katib.controller.mainClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.katib.controller.leaderElectionRoleName" -}} +{{- printf "%s-%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.katib.controller.name" .) + "leader-election" +}} +{{- end }} + +{{- define "kubeflow.katib.controller.leaderElectionRoleBindingName" -}} +{{- include "kubeflow.katib.controller.leaderElectionRoleName" . }} +{{- end }} + +{{- define "kubeflow.katib.controller.kfNbAdminClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-admin" }} +{{- end }} + +{{- define "kubeflow.katib.controller.kfNbEditClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-edit" }} +{{- end }} + +{{- define "kubeflow.katib.controller.kfNbViewClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) 
"katib-view" }} +{{- end }} + +{{- define "kubeflow.katib.controller.configMapName" -}} +{{/* +katib-config ConfigMap name is hardcoded +https://github.com/kubeflow/katib/blob/0e2ba6efc1bc18b1d1d72b90046598a00f02a2c3/pkg/controller.v1beta1/consts/const.go#L109 +https://github.com/kubeflow/katib/blob/0e2ba6efc1bc18b1d1d72b90046598a00f02a2c3/pkg/util/v1beta1/katibconfig/config.go#L164 +{{- printf "%s-%s" (include "kubeflow.katib.controller.name" .) "config" }} +*/}} +{{- printf "katib-config" }} +{{- end }} + +{{/* +Role Aggregation Rule Labels +*/}} +{{- define "kubeflow.katib.controller.kfNbAdminClusterRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.katib.controller.kfNbAdminClusterRoleName" .) -}} +{{- end }} + +{{/* +Kubeflow Katib Controller Service. +*/}} +{{- define "kubeflow.katib.controller.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.katib.controller.name" . +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.katib.controller.name" .) +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.katib.controller.name" .) +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.katib.controller.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Katib Controller object labels. +*/}} +{{- define "kubeflow.katib.controller.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.katib.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.controller.name" .) }} +{{- end }} + +{{- define "kubeflow.katib.controller.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . 
}} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.katib.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.controller.name" .) }} +{{- end }} + +{{/* +Kubeflow Katib Controller container image settings. +*/}} +{{- define "kubeflow.katib.controller.image" -}} +{{ include "kubeflow.component.image" ( + list + .Values.defaults.image + .Values.katib.controller.image +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" ( + list + .Values.defaults.image + .Values.katib.controller.image +)}} +{{- end }} + +{{/* +Kubeflow Katib Controller Autoscaling and Availability. +*/}} +{{- define "kubeflow.katib.controller.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" ( + list + .Values.defaults.autoscaling + .Values.katib.controller.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" ( + list + .Values.defaults.autoscaling + .Values.katib.controller.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.katib.controller.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.katib.controller.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.katib.controller.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Katib Controller Security Context. 
+*/}} +{{- define "kubeflow.katib.controller.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.katib.controller.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Katib Controller Scheduling. +*/}} +{{- define "kubeflow.katib.controller.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.katib.controller.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.katib.controller.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.katib.controller.tolerations +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.katib.controller.affinity +)}} +{{- end }} + +{{/* +Kubeflow Katib Controller enable and create toggles. +*/}} +{{- define "kubeflow.katib.controller.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.katib.enabled" . | eq "true") + .Values.katib.controller.enabled +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" ( + list + .Values.defaults.autoscaling + .Values.katib.controller.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.katib.controller.enabled" . | eq "true") + .Values.katib.controller.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.katib.controller.enabled" . 
| eq "true") + .Values.katib.controller.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.katib.controller.enabled" .) + .Values.defaults.podDisruptionBudget + .Values.katib.controller.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Katib Controller certificate manager. +*/}} +{{- define "kubeflow.katib.controller.enabledWithCertManager" -}} +{{- ternary true "" ( + and + (include "kubeflow.katib.controller.enabled" . | eq "true" ) + (include "kubeflow.certManagerIntegration.enabled" . | eq "true" ) +)}} +{{- end }} + +{{- define "kubeflow.katib.controller.certIssuerName" -}} +{{ printf "%s-%s" (include "kubeflow.katib.controller.name" .) "selfsigned-issuer" }} +{{- end }} + +{{- define "kubeflow.katib.controller.tlsCertSecretName" -}} +{{ printf "%s-%s" (include "kubeflow.katib.controller.name" .) "tls-certs" }} +{{- end }} + +{{- define "kubeflow.katib.controller.validatingWebhookName" -}} +{{ printf "%s-%s" (include "kubeflow.katib.controller.name" .) "validating" }} +{{- end }} + +{{- define "kubeflow.katib.controller.mutatingWebhookName" -}} +{{ printf "%s-%s" (include "kubeflow.katib.controller.name" .) "mutating" }} +{{- end }} + +{{- define "kubeflow.katib.controller.certName" -}} +{{ printf "%s-%s" (include "kubeflow.katib.controller.name" .) "cert" }} +{{- end }} + +{{/* +Kubeflow Katib Controller Admission Webhooks. +*/}} +{{- define "kubeflow.katib.controller.webhook.baseName" -}} +{{ printf "katib.kubeflow.org" }} +{{- end }} + +{{- define "kubeflow.katib.controller.mutatingWebhook.name" -}} +{{ printf "%s" (include "kubeflow.katib.controller.webhook.baseName" .) }} +{{- end }} + +{{- define "kubeflow.katib.controller.validatingWebhook.name" -}} +{{ printf "%s" (include "kubeflow.katib.controller.webhook.baseName" .) 
}} +{{- end }} + +{{/* +{{- define "kubeflow.katib.controller.mutatingWebhook.experimentDefaulter.name" -}} +{{ printf "%s.%s" "defaulter.experiment" (include "kubeflow.katib.controller.mutatingWebhook.name" .) }} +{{- end }} +*/}} + diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.dbmanager.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.dbmanager.tpl new file mode 100644 index 00000000..7f796cb7 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.dbmanager.tpl 
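Review bot: `kubeflow.katib.controller.kfNbAdminClusterRoleName`, `kfNbEditClusterRoleName` and `kfNbViewClusterRoleName` all resolve to the fullname plus `katib-admin`, `katib-edit` or `katib-view`, and the same three names are defined again in the katib.dbmanager, katib.ui and katib helper hunks (in the last one as `kubeflow.katib.adminClusterRoleName` and siblings). If more than one template renders a ClusterRole from these helpers, the objects collide on name and the effective RBAC rules depend on which manifest wins; the consuming templates are not part of this hunk, so this needs checking. Keeping a single definition and delegating to it, e.g. `{{- include "kubeflow.katib.adminClusterRoleName" . }}`, removes the ambiguity, and the `kfNb` prefix (apparently carried over from the notebook helpers) could be dropped. The disabled `printf` line left inside the comment block of `kubeflow.katib.controller.configMapName` can also be removed, leaving just the two upstream links that explain the hard-coded name.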
@@ -0,0 +1,358 @@ +{{/* +Kubeflow Katib dbmanager object names. +*/}} +{{- define "kubeflow.katib.dbmanager.baseName" -}} +{{- printf "katib-db-manager" }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.katib.dbmanager.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.katib.dbmanager.name" .) + .Values.katib.dbmanager.serviceAccount +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.serviceAccountPrincipal" -}} +{{- include "kubeflow.component.serviceAccountPrincipal" ( + list + . + (include "kubeflow.katib.dbmanager.serviceAccountName" .) +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.mainClusterRoleName" -}} +{{- include "kubeflow.katib.dbmanager.name" . }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.mainClusterRoleBindingName" -}} +{{- include "kubeflow.katib.dbmanager.mainClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.leaderElectionRoleName" -}} +{{- printf "%s-%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.katib.dbmanager.name" .) + "leader-election" +}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.leaderElectionRoleBindingName" -}} +{{- include "kubeflow.katib.dbmanager.leaderElectionRoleName" . }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.kfNbAdminClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-admin" }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.kfNbEditClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-edit" }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.kfNbViewClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) 
"katib-view" }} +{{- end }} + +{{/* +Role Aggregation Rule Labels +*/}} +{{- define "kubeflow.katib.dbmanager.kfNbAdminClusterRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.katib.dbmanager.kfNbAdminClusterRoleName" .) -}} +{{- end }} + +{{/* +Kubeflow Katib dbmanager Service. +*/}} +{{- define "kubeflow.katib.dbmanager.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.katib.dbmanager.name" . +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.katib.dbmanager.name" .) +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.katib.dbmanager.name" .) +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.katib.dbmanager.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Katib dbmanager object labels. +*/}} +{{- define "kubeflow.katib.dbmanager.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.katib.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.dbmanager.name" .) }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.katib.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.dbmanager.name" .) }} +{{- end }} + +{{/* +Kubeflow Katib dbmanager container image settings. 
+*/}} +{{- define "kubeflow.katib.dbmanager.image" -}} +{{ include "kubeflow.component.image" ( + list + .Values.defaults.image + .Values.katib.dbmanager.image +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" ( + list + .Values.defaults.image + .Values.katib.dbmanager.image +)}} +{{- end }} + +{{/* +Kubeflow Katib dbmanager Autoscaling and Availability. +*/}} +{{- define "kubeflow.katib.dbmanager.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" ( + list + .Values.defaults.autoscaling + .Values.katib.dbmanager.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" ( + list + .Values.defaults.autoscaling + .Values.katib.dbmanager.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.katib.dbmanager.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.katib.dbmanager.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.katib.dbmanager.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Katib dbmanager Security Context. +*/}} +{{- define "kubeflow.katib.dbmanager.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.katib.dbmanager.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Katib dbmanager Scheduling. 
+*/}} +{{- define "kubeflow.katib.dbmanager.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.katib.dbmanager.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.katib.dbmanager.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.katib.dbmanager.tolerations +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.katib.dbmanager.affinity +)}} +{{- end }} + +{{/* +Kubeflow Katib dbmanager enable and create toggles. +*/}} +{{- define "kubeflow.katib.dbmanager.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.katib.enabled" . | eq "true") + .Values.katib.dbmanager.enabled +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" ( + list + .Values.defaults.autoscaling + .Values.katib.dbmanager.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.katib.dbmanager.enabled" . | eq "true") + .Values.katib.dbmanager.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.katib.dbmanager.enabled" . | eq "true") + .Values.katib.dbmanager.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.katib.dbmanager.enabled" .) 
+ .Values.defaults.podDisruptionBudget + .Values.katib.dbmanager.podDisruptionBudget +)}} +{{- end }} + +{{/* +Environment names for database config. +*/}} +{{/* +FYI, This env var is actually the driver +*/}} +{{- define "kubeflow.katib.dbmanager.config.db.driver.env.name" -}} +{{- "DB_NAME" }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.config.db.host.env.name" -}} +{{- "KATIB_MYSQL_DB_HOST" }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.config.db.port.env.name" -}} +{{- "KATIB_MYSQL_DB_PORT" }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.config.db.databaseName.env.name" -}} +{{- "KATIB_MYSQL_DB_DATABASE" }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.config.db.user.env.name" -}} +{{- "DB_USER" }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.config.db.password.env.name" -}} +{{- "DB_PASSWORD" }} +{{- end }} + +{{/* +Environment Entries parametrization for database configuration with plaintext +value or through Secrets. +*/}} + +{{- define "kubeflow.katib.dbmanager.config.db.driver.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.katib.dbmanager.config.db.driver.env.name" . ) + .Values.katib.dbmanager.config.db.existingSecretName + .Values.katib.dbmanager.config.db.driver +) }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.config.db.host.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.katib.dbmanager.config.db.host.env.name" . ) + .Values.katib.dbmanager.config.db.existingSecretName + .Values.katib.dbmanager.config.db.host +) }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.config.db.port.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.katib.dbmanager.config.db.port.env.name" . 
) + .Values.katib.dbmanager.config.db.existingSecretName + .Values.katib.dbmanager.config.db.port +) }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.config.db.databaseName.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.katib.dbmanager.config.db.databaseName.env.name" . ) + .Values.katib.dbmanager.config.db.existingSecretName + .Values.katib.dbmanager.config.db.databaseName +) }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.config.db.user.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.katib.dbmanager.config.db.user.env.name" . ) + .Values.katib.dbmanager.config.db.existingSecretName + .Values.katib.dbmanager.config.db.user +) }} +{{- end }} + +{{- define "kubeflow.katib.dbmanager.config.db.password.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.katib.dbmanager.config.db.password.env.name" . ) + .Values.katib.dbmanager.config.db.existingSecretName + .Values.katib.dbmanager.config.db.password +) }} +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.tpl new file mode 100644 index 00000000..742037f5 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.tpl 
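Review bot: `kubeflow.katib.dbmanager.config.db.password.env.spec` passes `.Values.katib.dbmanager.config.db.password` as the fallback value, and the section comment confirms that env entries may carry a plaintext value. Assuming `kubeflow.component.env.spec` (defined outside this hunk) emits a literal `value:` when `existingSecretName` is empty, the database password ends up in the workload spec and in the stored Helm release, readable by anyone with read access to either. For the password entry I would require the secret, `(required "katib.dbmanager.config.db.existingSecretName must be set for the DB password" .Values.katib.dbmanager.config.db.existingSecretName)`, or have the chart create a Secret from the value and reference that. The existing comment on `driver.env.name` explaining that `DB_NAME` is really the driver is useful and should stay.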
@@ -0,0 +1,265 @@ +{{/* +Kubeflow Katib object names. +*/}} +{{- define "kubeflow.katib.baseName" -}} +{{- printf "katib" }} +{{- end }} + +{{- define "kubeflow.katib.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.katib.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.katib.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.katib.name" .) + .Values.katib.serviceAccount +)}} +{{- end }} + +{{- define "kubeflow.katib.serviceAccountPrincipal" -}} +{{- include "kubeflow.component.serviceAccountPrincipal" ( + list + . + (include "kubeflow.katib.serviceAccountName" .) +)}} +{{- end }} + +{{- define "kubeflow.katib.mainClusterRoleName" -}} +{{- include "kubeflow.katib.name" . }} +{{- end }} + +{{- define "kubeflow.katib.mainClusterRoleBindingName" -}} +{{- include "kubeflow.katib.mainClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.katib.leaderElectionRoleName" -}} +{{- printf "%s-%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.katib.name" .) + "leader-election" +}} +{{- end }} + +{{- define "kubeflow.katib.leaderElectionRoleBindingName" -}} +{{- include "kubeflow.katib.leaderElectionRoleName" . }} +{{- end }} + +{{- define "kubeflow.katib.adminClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-admin" }} +{{- end }} + +{{- define "kubeflow.katib.editClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-edit" }} +{{- end }} + +{{- define "kubeflow.katib.viewClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-view" }} +{{- end }} + +{{/* +Role Aggregation Rule Labels +*/}} +{{- define "kubeflow.katib.adminClusterRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.katib.adminClusterRoleName" .) -}} +{{- end }} + +{{/* +Kubeflow Katib Controller Service. 
+*/}} +{{- define "kubeflow.katib.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.katib.name" . +)}} +{{- end }} + +{{- define "kubeflow.katib.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.katib.name" .) +)}} +{{- end }} + +{{- define "kubeflow.katib.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.katib.name" .) +)}} +{{- end }} + +{{- define "kubeflow.katib.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.katib.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Katib Controller object labels. +*/}} +{{- define "kubeflow.katib.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.katib.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.name" .) }} +{{- end }} + +{{- define "kubeflow.katib.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.katib.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.name" .) }} +{{- end }} + +{{/* +Kubeflow Katib Controller container image settings. +*/}} +{{- define "kubeflow.katib.image" -}} +{{ include "kubeflow.component.image" ( + list + .Values.defaults.image + .Values.katib.image +)}} +{{- end }} + +{{- define "kubeflow.katib.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" ( + list + .Values.defaults.image + .Values.katib.image +)}} +{{- end }} + +{{/* +Kubeflow Katib Controller Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.katib.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" ( + list + .Values.defaults.autoscaling + .Values.katib.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" ( + list + .Values.defaults.autoscaling + .Values.katib.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.katib.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.katib.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.katib.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Katib Controller Security Context. +*/}} +{{- define "kubeflow.katib.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.katib.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Katib Controller Scheduling. 
+*/}} +{{- define "kubeflow.katib.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.katib.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.katib.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.katib.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.katib.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.katib.tolerations +)}} +{{- end }} + +{{- define "kubeflow.katib.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.katib.affinity +)}} +{{- end }} + +{{/* +Kubeflow Katib enable and create toggles. +*/}} +{{- define "kubeflow.katib.enabled" -}} +{{- ternary true "" .Values.katib.enabled }} +{{- end }} + +{{- define "kubeflow.katib.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" ( + list + .Values.defaults.autoscaling + .Values.katib.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.katib.enabled" . | eq "true") + .Values.katib.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.katib.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.katib.enabled" . | eq "true") + .Values.katib.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.katib.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.katib.enabled" .) + .Values.defaults.podDisruptionBudget + .Values.katib.podDisruptionBudget +)}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.ui.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.ui.tpl new file mode 100644 index 00000000..732a69e3 --- /dev/null 
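Review bot: The section comments in this file were copied from the controller helpers: `Kubeflow Katib Controller Service.`, `Kubeflow Katib Controller object labels.`, `Kubeflow Katib Controller container image settings.`, `Kubeflow Katib Controller Security Context.` and the others head blocks that define the parent `kubeflow.katib.*` helpers, not the controller's. They should read `Kubeflow Katib Service.` and so on, otherwise someone looking for the controller's security context or scheduling helpers lands in the wrong file. `kubeflow.katib.labels` and `kubeflow.katib.selectorLabels` also pass `kubeflow.katib.name` to `kubeflow.component.subcomponent.labels`, which looks like a leftover from the subcomponent files and is worth confirming.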
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.ui.tpl 
@@ -0,0 +1,277 @@ +{{/* +Kubeflow Katib ui object names. +*/}} +{{- define "kubeflow.katib.ui.baseName" -}} +{{- printf "katib-ui" }} +{{- end }} + +{{- define "kubeflow.katib.ui.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.katib.ui.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.katib.ui.name" .) + .Values.katib.ui.serviceAccount +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.serviceAccountPrincipal" -}} +{{- include "kubeflow.component.serviceAccountPrincipal" ( + list + . + (include "kubeflow.katib.ui.serviceAccountName" .) +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.mainClusterRoleName" -}} +{{- include "kubeflow.katib.ui.name" . }} +{{- end }} + +{{- define "kubeflow.katib.ui.mainClusterRoleBindingName" -}} +{{- include "kubeflow.katib.ui.mainClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.katib.ui.leaderElectionRoleName" -}} +{{- printf "%s-%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.katib.ui.name" .) + "leader-election" +}} +{{- end }} + +{{- define "kubeflow.katib.ui.leaderElectionRoleBindingName" -}} +{{- include "kubeflow.katib.ui.leaderElectionRoleName" . }} +{{- end }} + +{{- define "kubeflow.katib.ui.kfNbAdminClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-admin" }} +{{- end }} + +{{- define "kubeflow.katib.ui.kfNbEditClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-edit" }} +{{- end }} + +{{- define "kubeflow.katib.ui.kfNbViewClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-view" }} +{{- end }} + +{{/* +Role Aggregation Rule Labels +*/}} +{{- define "kubeflow.katib.ui.kfNbAdminClusterRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.katib.ui.kfNbAdminClusterRoleName" .) -}} +{{- end }} + +{{/* +Kubeflow Katib ui Service. 
+*/}} +{{- define "kubeflow.katib.ui.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.katib.ui.name" . +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.katib.ui.name" .) +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.katib.ui.name" .) +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.katib.ui.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Katib ui object labels. +*/}} +{{- define "kubeflow.katib.ui.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.katib.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.ui.name" .) }} +{{- end }} + +{{- define "kubeflow.katib.ui.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.katib.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.ui.name" .) }} +{{- end }} + +{{/* +Kubeflow Katib ui container image settings. +*/}} +{{- define "kubeflow.katib.ui.image" -}} +{{ include "kubeflow.component.image" ( + list + .Values.defaults.image + .Values.katib.ui.image +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" ( + list + .Values.defaults.image + .Values.katib.ui.image +)}} +{{- end }} + +{{/* +Kubeflow Katib ui Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.katib.ui.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" ( + list + .Values.defaults.autoscaling + .Values.katib.ui.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" ( + list + .Values.defaults.autoscaling + .Values.katib.ui.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.katib.ui.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.katib.ui.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.katib.ui.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Katib ui Security Context. +*/}} +{{- define "kubeflow.katib.ui.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.katib.ui.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Katib ui Scheduling. 
+*/}} +{{- define "kubeflow.katib.ui.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.katib.ui.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.katib.ui.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.katib.ui.tolerations +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.katib.ui.affinity +)}} +{{- end }} + +{{/* +Kubeflow Katib ui enable and create toggles. +*/}} +{{- define "kubeflow.katib.ui.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.katib.enabled" . | eq "true") + .Values.katib.ui.enabled +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" ( + list + .Values.defaults.autoscaling + .Values.katib.ui.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.katib.ui.enabled" . | eq "true") + .Values.katib.ui.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.katib.ui.enabled" . | eq "true") + .Values.katib.ui.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.katib.ui.enabled" .) + .Values.defaults.podDisruptionBudget + .Values.katib.ui.podDisruptionBudget +)}} +{{- end }} + +{{- define "kubeflow.katib.ui.createIstioIntegrationObjects" -}} +{{- ternary true "" ( + and + (include "kubeflow.katib.ui.enabled" . 
| eq "true" )
+ .Values.istioIntegration.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.knativeIntegration.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.knativeIntegration.tpl
new file mode 100644
index 00000000..549d337d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.knativeIntegration.tpl
@@ -0,0 +1,43 @@
+{{/*
+Knative Integration helpers.
+*/}}
+
+{{- define "kubeflow.knativeIntegration.enabled" -}}
+{{- .Values.knativeIntegration.enabled }}
+{{- end }}
+
+{{/*
+Knative Serving helpers.
+*/}}
+
+{{- define "kubeflow.knativeIntegration.knativeServing.enabled" -}}
+{{- ternary true "" (
+ and
+ (include "kubeflow.knativeIntegration.enabled" . | eq "true")
+ .Values.knativeIntegration.knativeServing.enabled
+)}}
+{{- end }}
+
+{{/*
+Knative Eventing helpers.
+*/}}
+
+{{- define "kubeflow.knativeIntegration.knativeEventing.enabled" -}}
+{{- ternary true "" (
+ and
+ (include "kubeflow.knativeIntegration.enabled" . | eq "true")
+ .Values.knativeIntegration.knativeEventing.enabled
+)}}
+{{- end }}
+
+{{/*
+KNative Istio Ingregration helpers.
+*/}}
+
+{{- define "kubeflow.knativeIntegration.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+ and
+ (include "kubeflow.knativeIntegration.enabled" . | eq "true")
+ .Values.istioIntegration.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kserveModelsWebApp.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kserveModelsWebApp.tpl
new file mode 100644
index 00000000..dcb2e50f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kserveModelsWebApp.tpl
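Review bot: `kubeflow.katib.ui.mainClusterRoleName` returns the bare `kubeflow.katib.ui.name`, while `kubeflow.katib.ui.leaderElectionRoleName` in this same file, and the `mainClusterRoleName` helpers for the notebooks controller and the KServe models web app elsewhere in this commit, prefix the name with `kubeflow.fullname`. ClusterRoles and ClusterRoleBindings are cluster-scoped, so unless `kubeflow.component.name` (defined outside this hunk) already carries the release name, two releases in one cluster would render the same role and binding names. I would build it the same way as the others: `{{- printf "%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.katib.ui.name" .) }}`. The `kfNb…ClusterRoleName` helpers also keep the notebooks abbreviation although they render `katib-admin`, `katib-edit` and `katib-view`; renaming them before templates depend on the names would avoid confusion.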
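Review bot: `kubeflow.knativeIntegration.enabled` prints the raw value of `.Values.knativeIntegration.enabled`, so a disabled integration renders the non-empty string `false`, whereas the other `enabled` helpers in this commit render an empty string through `ternary true ""`. The three helpers below it compare with `eq "true"` and are unaffected, but a template that guards on the include alone (`if include "kubeflow.knativeIntegration.enabled" .`) would treat `false` as truthy and create the objects anyway; no such caller is visible in this hunk. Suggested body: `{{- ternary true "" .Values.knativeIntegration.enabled }}`. The last comment block also reads `KNative Istio Ingregration helpers.`, which should be `Knative Istio Integration helpers.`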
@@ -0,0 +1,125 @@ +{{/* +Kubeflow Kserve Models Web App object names. +*/}} +{{- define "kubeflow.kserveModelsWebApp.baseName" -}} +{{- printf "kserve-models-web-app" }} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.kserveModelsWebApp.baseName" .) + . +)}} +{{- end }} + +{{/* +Kubeflow Kserve Models Web App enable and create toggles. +*/}} +{{- define "kubeflow.kserveModelsWebApp.enabled" -}} +{{- ternary true "" + .Values.kserveModelsWebApp.enabled +}} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.createServiceAccount" -}} +{{- ternary true "" ( + and + (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true") + .Values.kserveModelsWebApp.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" (list (include "kubeflow.kserveModelsWebApp.name" .) .Values.kserveModelsWebApp.serviceAccount) }} +{{- end }} + +{{/* +Kubeflow Kserve Models Web App object labels. +*/}} +{{- define "kubeflow.kserveModelsWebApp.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.kserveModelsWebApp.name" .) }} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.configMapName" -}} +{{- printf "%s-%s" (include "kubeflow.kserveModelsWebApp.name" .) "viewer-spec" }} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.mainClusterRoleName" -}} +{{- printf "%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.kserveModelsWebApp.name" .) +}} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.mainClusterRoleBindingName" -}} +{{- include "kubeflow.kserveModelsWebApp.mainClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.rbac.createRole" -}} +{{- ternary true "" ( + and + (include "kubeflow.kserveModelsWebApp.enabled" . 
| eq "true") + .Values.kserveModelsWebApp.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.image" -}} +{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.kserveModelsWebApp.image) }} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.kserveModelsWebApp.image) }} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.kserveModelsWebApp.name" .) }} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.kserveModelsWebApp.name" . +)}} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.kserveModelsWebApp.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.kserveModelsWebApp.tolerations +)}} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.kserveModelsWebApp.affinity +)}} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.kserveModelsWebApp.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.kserveModelsWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.kserveModelsWebApp.autoscaling.minReplicas" -}} +{{ include 
"kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.kserveModelsWebApp.autoscaling) }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kubeflowRoles.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kubeflowRoles.tpl new file mode 100644 index 00000000..db57117e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kubeflowRoles.tpl 
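Review bot: This helper file defines no container security context helper for the KServe models web app, while the katib UI, model registry and notebooks controller files in this commit each define one that passes `.Values.defaults.containerSecurityContext` together with a per-component value to `kubeflow.component.containerSecurityContext`. Unless the Deployment template (not visible here) reads the default directly, a hardened chart-wide default would not reach this container. I would add a `kubeflow.kserveModelsWebApp.containerSecurityContext` helper modelled on `kubeflow.katib.ui.containerSecurityContext`. The autoscaling helpers also stop at `minReplicas`, so an HPA rendered from `autoscaling.enabled` would have no `maxReplicas` helper to draw on.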
@@ -0,0 +1,121 @@ +{{- define "kubeflow.roles.baseName" -}} +{{- print "kubeflow-roles" }} +{{- end }} + +{{- define "kubeflow.roles.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.roles.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.roles.name" .) }} +{{- end }} + +{{/* +Kubeflow Main Role Names. +*/}} +{{- define "kubeflow.kubeflowRoles.kubeflowAdminRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "admin" }} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.kubeflowEditRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "edit" }} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.kubeflowViewRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "view" }} +{{- end }} + + +{{/* +Kubeflow Kubernetes Role Names. +*/}} +{{- define "kubeflow.kubeflowRoles.kubernetesAdminRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "kubernetes-admin" }} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.kubernetesEditRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "kubernetes-edit" }} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.kubernetesViewRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "kubernetes-view" }} +{{- end }} + +{{/* +Kubeflow Pipelines Role Names. +*/}} +{{- define "kubeflow.kubeflowRoles.kubeflowPipelinesAdminRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "pipelines-admin" }} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "pipelines-edit" }} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.kubeflowPipelinesViewRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) 
"pipelines-view" }} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.aggregateToKubeflowPipelinesEditRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "aggregate-pipelines-edit" }} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.aggregateToKubeflowPipelinesViewRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "aggregate-pipelines-view" }} +{{- end }} + +{{/* + ################################### + ### Role Aggreation Rule Labels ### + ################################### +*/}} + +{{/* +Kubeflow Main Role Labels. +*/}} +{{- define "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubeflowAdminRoleName" .) -}} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubeflowEditRoleName" .) -}} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubeflowViewRoleName" .) -}} +{{- end }} + +{{/* +Kubeflow Kubernetes Role Labels. +*/}} +{{- define "kubeflow.kubeflowRoles.kubernetesAdminRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubernetesAdminRoleName" .) -}} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.kubernetesEditRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubernetesEditRoleName" .) -}} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.kubernetesViewRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubernetesViewRoleName" .) -}} +{{- end }} + +{{/* +Kubeflow Pipelines Role Labels. +*/}} +{{- define "kubeflow.kubeflowRoles.kubeflowPipelinesAdminRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubeflowPipelinesAdminRoleName" .) 
-}} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleName" .) -}} +{{- end }} + +{{- define "kubeflow.kubeflowRoles.kubeflowPipelinesViewRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubeflowPipelinesViewRoleName" .) -}} +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.modelRegistry.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.modelRegistry.tpl new file mode 100644 index 00000000..396d5ee0 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.modelRegistry.tpl 
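Review bot: The `…RoleLabel` helpers at the end of this file are documented only by their section titles, and they are the part with access-control consequences: each wraps a role name in `kubeflow.aggregationRule.labelBase`, which is defined outside this hunk and presumably yields the label an aggregated ClusterRole selects on. If that is right, any ClusterRole carrying the rendered label contributes its rules to the admin, edit or view role, which is worth stating once under the banner, e.g. `Any ClusterRole labelled with one of these values is aggregated into the named role.` The banner itself reads `Role Aggreation Rule Labels` and should be `Role Aggregation Rule Labels`. The first two helpers also use the prefix `kubeflow.roles.` while the rest use `kubeflow.kubeflowRoles.`; a single prefix would make them easier to find.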
@@ -0,0 +1,269 @@ +{{/* +Kubeflow Model Registry object names. +*/}} +{{- define "kubeflow.modelRegistry.baseName" -}} +{{- printf "model-registry" }} +{{- end }} + +{{- define "kubeflow.modelRegistry.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.modelRegistry.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.modelRegistry.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.modelRegistry.name" .) + .Values.modelRegistry.serviceAccount +)}} +{{- end }} + +{{/* +Kubeflow Model Registry Service. +*/}} +{{- define "kubeflow.modelRegistry.svc.name" -}} +{{ printf "%s-%s" + (include "kubeflow.component.svc.name" ( + include "kubeflow.modelRegistry.name" . + )) + "service" +}} +{{- end }} + +{{- define "kubeflow.modelRegistry.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.modelRegistry.svc.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Model Registry object labels. +*/}} +{{- define "kubeflow.modelRegistry.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.modelRegistry.name" .) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.modelRegistry.name" .) }} +{{- end }} + +{{/* +Kubeflow Model Registry Scheduling. 
+*/}} +{{- define "kubeflow.modelRegistry.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.modelRegistry.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.modelRegistry.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.modelRegistry.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.modelRegistry.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.modelRegistry.tolerations +)}} +{{- end }} + +{{- define "kubeflow.modelRegistry.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.modelRegistry.affinity +)}} +{{- end }} + +{{/* +Kubeflow Model registrry enable and create toggles. +*/}} +{{- define "kubeflow.modelRegistry.enabled" -}} +{{- ternary true "" .Values.modelRegistry.enabled }} +{{- end }} + +{{- define "kubeflow.modelRegistry.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.modelRegistry.enabled" . | eq "true") + .Values.modelRegistry.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.modelRegistry.configMapName" -}} +{{- printf "%s" (include "kubeflow.modelRegistry.name" .) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.createIstioIntegrationObjects" -}} +{{- ternary true "" ( + and + (include "kubeflow.modelRegistry.enabled" . | eq "true") + .Values.istioIntegration.enabled +)}} +{{- end }} + +{{- define "kubeflow.modelRegistry.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.modelRegistry.enabled" .) + .Values.defaults.podDisruptionBudget + .Values.modelRegistry.podDisruptionBudget +)}} +{{- end }} + +{{/* +Image configuration. 
+*/}} + +{{- define "kubeflow.modelRegistry.rest.image" -}} +{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.modelRegistry.rest.image) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.rest.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" (list .Values.modelRegistry.rest.image .Values.modelRegistry.rest.image) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.grpc.image" -}} +{{ include "kubeflow.component.image" (list .Values.modelRegistry.grpc.image .Values.modelRegistry.grpc.image) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.grpc.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" (list .Values.modelRegistry.grpc.image .Values.modelRegistry.grpc.image) }} +{{- end }} + +{{/* +Kubeflow model-registry Autoscaling and Availability. +*/}} +{{- define "kubeflow.modelRegistry.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.modelRegistry.autoscaling) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.modelRegistry.autoscaling) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.modelRegistry.autoscaling) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.modelRegistry.autoscaling) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.modelRegistry.autoscaling) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.pdb.values" -}} 
+{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.modelRegistry.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow model-registry Security Context. +*/}} +{{- define "kubeflow.modelRegistry.rest.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.modelRegistry.rest.containerSecurityContext +)}} +{{- end }} + +{{- define "kubeflow.modelRegistry.grpc.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.modelRegistry.grpc.containerSecurityContext +)}} +{{- end }} + +{{/* +Environment names for database config. +*/}} +{{- define "kubeflow.modelRegistry.config.db.user.env.name" -}} +{{- "MYSQL_USER_NAME" }} +{{- end }} + +{{- define "kubeflow.modelRegistry.config.db.password.env.name" -}} +{{- "MYSQL_PASSWORD" }} +{{- end }} + +{{- define "kubeflow.modelRegistry.config.db.host.env.name" -}} +{{- "MYSQL_HOST" }} +{{- end }} + +{{- define "kubeflow.modelRegistry.config.db.port.env.name" -}} +{{- "MYSQL_PORT" }} +{{- end }} + +{{- define "kubeflow.modelRegistry.config.db.dbName.env.name" -}} +{{- "MYSQL_DBNAME" }} +{{- end }} + +{{/* +Environment Entries parametrization for database configuration with plaintext +value or through Secrets. +*/}} + +{{- define "kubeflow.modelRegistry.config.db.user.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.modelRegistry.config.db.user.env.name" . ) + .Values.modelRegistry.config.db.existingSecretName + .Values.modelRegistry.config.db.user +) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.config.db.password.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.modelRegistry.config.db.password.env.name" . 
) + .Values.modelRegistry.config.db.existingSecretName + .Values.modelRegistry.config.db.password +) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.config.db.host.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.modelRegistry.config.db.host.env.name" . ) + .Values.modelRegistry.config.db.existingSecretName + .Values.modelRegistry.config.db.host +) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.config.db.port.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.modelRegistry.config.db.port.env.name" . ) + .Values.modelRegistry.config.db.existingSecretName + .Values.modelRegistry.config.db.port +) }} +{{- end }} + +{{- define "kubeflow.modelRegistry.config.db.dbName.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.modelRegistry.config.db.dbName.env.name" . ) + .Values.modelRegistry.config.db.existingSecretName + .Values.modelRegistry.config.db.dbName +) }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.networkPolicies.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.networkPolicies.tpl new file mode 100644 index 00000000..a93a8008 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.networkPolicies.tpl 
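Review bot: Three of the four image helpers ignore the chart-wide image defaults: `kubeflow.modelRegistry.rest.imagePullPolicy`, `kubeflow.modelRegistry.grpc.image` and `kubeflow.modelRegistry.grpc.imagePullPolicy` pass the component's own image map as both list elements, where the other image helpers in this commit pass `.Values.defaults.image` first. Assuming `kubeflow.component.image` and `kubeflow.component.imagePullPolicy` (defined elsewhere) merge defaults with overrides, a registry or pull policy set once under `defaults.image` would silently not apply to the gRPC container, nor the pull policy to the REST container. The first element should be `.Values.defaults.image` in all three, e.g. `(list .Values.defaults.image .Values.modelRegistry.grpc.image)`. Separately, `kubeflow.modelRegistry.config.db.password.env.spec` accepts a literal `.Values.modelRegistry.config.db.password`; the comment above the env-spec helpers could state that `existingSecretName` is the preferred path, since a literal password is kept with the release values.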
@@ -0,0 +1,31 @@
+{{/*
+Kubeflow Network Policies object names.
+*/}}
+{{- define "kubeflow.networkPolicies.baseName" -}}
+{{- printf "network-policies" }}
+{{- end }}
+
+{{- define "kubeflow.networkPolicies.name" -}}
+{{- include "kubeflow.component.name" (
+ list
+ (include "kubeflow.networkPolicies.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Network Policies enable and create toggles.
+*/}}
+{{- define "kubeflow.networkPolicies.enabled" -}}
+{{- ternary true "" (
+ .Values.networkPolicies.enabled
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Network Policies object labels.
+*/}}
+{{- define "kubeflow.networkPolicies.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.networkPolicies.name" .) }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.controller.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.controller.tpl
new file mode 100644
index 00000000..e42b8918
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.controller.tpl
@@ -0,0 +1,272 @@ +{{/* +Kubeflow Notebooks Controller object names. +*/}} +{{- define "kubeflow.notebooks.controller.baseName" -}} +{{- printf "notebooks-controller" }} +{{- end }} + +{{- define "kubeflow.notebooks.controller.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.notebooks.controller.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.notebooks.controller.name" .) + .Values.notebooks.controller.serviceAccount +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.serviceAccountPrincipal" -}} +{{- include "kubeflow.component.serviceAccountPrincipal" ( + list + . + (include "kubeflow.notebooks.controller.serviceAccountName" .) +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.mainClusterRoleName" -}} +{{- printf "%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.notebooks.controller.name" .) +}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.mainClusterRoleBindingName" -}} +{{- include "kubeflow.notebooks.controller.mainClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.notebooks.controller.leaderElectionRoleName" -}} +{{- printf "%s-%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.notebooks.controller.name" .) + "leader-election" +}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.leaderElectionRoleBindingName" -}} +{{- include "kubeflow.notebooks.controller.leaderElectionRoleName" . }} +{{- end }} + +{{- define "kubeflow.notebooks.controller.kfNbAdminClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "notebooks-admin" }} +{{- end }} + +{{- define "kubeflow.notebooks.controller.kfNbEditClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) 
"notebooks-edit" }} +{{- end }} + +{{- define "kubeflow.notebooks.controller.kfNbViewClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "notebooks-view" }} +{{- end }} + +{{/* +Role Aggregation Rule Labels +*/}} +{{- define "kubeflow.notebooks.controller.kfNbAdminClusterRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.notebooks.controller.kfNbAdminClusterRoleName" .) -}} +{{- end }} + +{{/* +Kubeflow Notebooks Controller Service. +*/}} +{{- define "kubeflow.notebooks.controller.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.notebooks.controller.name" . +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.notebooks.controller.name" .) +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.notebooks.controller.name" .) +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.notebooks.controller.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Controller object labels. +*/}} +{{- define "kubeflow.notebooks.controller.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.notebooks.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.controller.name" .) }} +{{- end }} + +{{- define "kubeflow.notebooks.controller.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.notebooks.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.controller.name" .) }} +{{- end }} + +{{/* +Kubeflow Notebooks Controller container image settings. 
+*/}} +{{- define "kubeflow.notebooks.controller.image" -}} +{{ include "kubeflow.component.image" ( + list + .Values.defaults.image + .Values.notebooks.controller.image +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" ( + list + .Values.defaults.image + .Values.notebooks.controller.image +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Controller Autoscaling and Availability. +*/}} +{{- define "kubeflow.notebooks.controller.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" ( + list + .Values.defaults.autoscaling + .Values.notebooks.controller.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" ( + list + .Values.defaults.autoscaling + .Values.notebooks.controller.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.notebooks.controller.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.notebooks.controller.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.notebooks.controller.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Controller Security Context. 
+*/}} +{{- define "kubeflow.notebooks.controller.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.notebooks.controller.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Controller Scheduling. +*/}} +{{- define "kubeflow.notebooks.controller.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.notebooks.controller.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.notebooks.controller.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.notebooks.controller.tolerations +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.notebooks.controller.affinity +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Controller enable and create toggles. +*/}} +{{- define "kubeflow.notebooks.controller.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.notebooks.enabled" . | eq "true") + .Values.notebooks.controller.enabled +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" ( + list + .Values.defaults.autoscaling + .Values.notebooks.controller.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.notebooks.controller.enabled" . 
| eq "true") + .Values.notebooks.controller.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.notebooks.controller.enabled" . | eq "true") + .Values.notebooks.controller.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.notebooks.controller.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.notebooks.controller.enabled" .) + .Values.defaults.podDisruptionBudget + .Values.notebooks.controller.podDisruptionBudget +)}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.jupyterWebApp.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.jupyterWebApp.tpl new file mode 100644 index 00000000..bd88015a --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.jupyterWebApp.tpl 
@@ -0,0 +1,241 @@ +{{/* +Kubeflow Notebooks Jupyter Web App object names. +*/}} +{{- define "kubeflow.notebooks.jupyterWebApp.baseName" -}} +{{- printf "jupyter-web-app" }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.notebooks.jupyterWebApp.baseName" .) + . +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Jupyter Web App object labels. +*/}} +{{- define "kubeflow.notebooks.jupyterWebApp.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.notebooks.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.jupyterWebApp.name" .) }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.notebooks.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.jupyterWebApp.name" .) 
}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.image" -}} +{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.notebooks.jupyterWebApp.image) }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.notebooks.jupyterWebApp.image) }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.notebooks.jupyterWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.notebooks.jupyterWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.notebooks.jupyterWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.notebooks.jupyterWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.notebooks.jupyterWebApp.autoscaling) }} +{{- end }} + + +{{- define "kubeflow.notebooks.jupyterWebApp.spawnerUI.configMapName" -}} +{{- printf "%s-%s" (include "kubeflow.notebooks.jupyterWebApp.name" .) 
"config" }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.logos.configMapName" -}} +{{- $customConfigMap := .Values.notebooks.jupyterWebApp.logos.customConfigMap -}} +{{- if $customConfigMap -}} + {{- print $customConfigMap }} +{{- else -}} + {{- printf "%s-%s" (include "kubeflow.notebooks.jupyterWebApp.name" .) "logos" }} +{{- end -}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.mainClusterRoleName" -}} +{{- printf "%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.notebooks.jupyterWebApp.name" .) +}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.mainClusterRoleBindingName" -}} +{{- include "kubeflow.notebooks.jupyterWebApp.mainClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.kfNbUiAdminClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "notebooks-ui-admin" }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.kfNbUiEditClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "notebooks-ui-edit" }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.kfNbUiViewClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "notebooks-ui-view" }} +{{- end }} + +{{/* +Kubeflow Notebooks Jupyter Web App enable and create toggles. +*/}} +{{- define "kubeflow.notebooks.jupyterWebApp.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.notebooks.enabled" . | eq "true") + .Values.notebooks.jupyterWebApp.enabled +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.createIstioIntegrationObjects" -}} +{{- ternary true "" ( + and + .Values.istioIntegration.enabled + (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true" ) +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.notebooks.jupyterWebApp.enabled" . 
| eq "true") + .Values.notebooks.jupyterWebApp.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true") + .Values.notebooks.jupyterWebApp.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.logos.createConfigMap" -}} +{{- and + (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true") + (not .Values.notebooks.jupyterWebApp.logos.customConfigMap) +}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" (list (include "kubeflow.notebooks.jupyterWebApp.name" .) .Values.notebooks.jupyterWebApp.serviceAccount) }} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.authorizationPolicyExtAuthName" -}} +{{ include "kubeflow.component.authorizationPolicyExtAuthName" ( + list + (include "kubeflow.notebooks.jupyterWebApp.name" .) + .Values.istioIntegration +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Jupyter Web App Service. +*/}} +{{- define "kubeflow.notebooks.jupyterWebApp.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.notebooks.jupyterWebApp.name" . +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.notebooks.jupyterWebApp.name" .) +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.notebooks.jupyterWebApp.name" .) +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.notebooks.jupyterWebApp.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Jupyter Web App Security Context. 
+*/}} +{{- define "kubeflow.notebooks.jupyterWebApp.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.notebooks.jupyterWebApp.containerSecurityContext +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.notebooks.jupyterWebApp.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.notebooks.jupyterWebApp.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.notebooks.jupyterWebApp.tolerations +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.notebooks.jupyterWebApp.affinity +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.notebooks.jupyterWebApp.enabled" .) + .Values.defaults.podDisruptionBudget + .Values.notebooks.jupyterWebApp.podDisruptionBudget +)}} +{{- end }} + +{{- define "kubeflow.notebooks.jupyterWebApp.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.notebooks.jupyterWebApp.podDisruptionBudget +)}} +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.pvcviewerController.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.pvcviewerController.tpl new file mode 100644 index 00000000..0247b236 --- /dev/null 
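Review bot: `kubeflow.notebooks.jupyterWebApp.logos.createConfigMap` emits the bare result of `and`, so a false condition renders the string `false`, while every other toggle in this file goes through `ternary true ""` and renders an empty string. A caller that tests it with a plain `if include ...` would treat the non-empty `false` as true; only callers that pipe to `eq "true"` are safe, and the call sites are not in this hunk. Wrapping it as `{{- ternary true "" (and (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true") (not .Values.notebooks.jupyterWebApp.logos.customConfigMap)) }}` keeps the convention uniform. The same bare `and` appears in `kubeflow.oauth2ProxyIntegration.istio.enabled` in kubeflow.oauth2ProxyIntegration.tpl, where it gates the auth-proxy integration, so it deserves the same change.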
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.pvcviewerController.tpl 
@@ -0,0 +1,368 @@ +{{/* +Kubeflow Notebooks PVC Viewer Controller object names. +*/}} +{{- define "kubeflow.notebooks.pvcviewerController.baseName" -}} +{{- printf "pvcviewer-controller" }} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.notebooks.pvcviewerController.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.manager.name" -}} +{{- printf "%s-%s" + (include "kubeflow.notebooks.pvcviewerController.name" .) + "manager" +}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.name" -}} +{{- printf "%s-%s" + (include "kubeflow.notebooks.pvcviewerController.name" .) + "kube-rbac-proxy" +}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.notebooks.pvcviewerController.name" .) + .Values.notebooks.pvcviewerController.serviceAccount +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.mainClusterRoleName" -}} +{{- printf "%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.notebooks.pvcviewerController.name" .) +}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.mainClusterRoleBindingName" -}} +{{- include "kubeflow.notebooks.pvcviewerController.mainClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.leaderElectionRoleName" -}} +{{- printf "%s-%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.notebooks.pvcviewerController.name" .) + "leader-election" +}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.leaderElectionRoleBindingName" -}} +{{- include "kubeflow.notebooks.pvcviewerController.leaderElectionRoleName" . }} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.metricsReaderClusterRoleName" -}} +{{- printf "%s-%s-%s" + (include "kubeflow.fullname" .) 
+ (include "kubeflow.notebooks.pvcviewerController.name" .) + "metrics-reader" +}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.metricsReaderClusterRoleBindingName" -}} +{{- include "kubeflow.notebooks.pvcviewerController.metricsReaderClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.proxyClusterRoleName" -}} +{{- printf "%s-%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.notebooks.pvcviewerController.name" .) + "proxy" +}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.proxyClusterRoleBindingName" -}} +{{- include "kubeflow.notebooks.pvcviewerController.proxyClusterRoleName" . }} +{{- end }} + + +{{- define "kubeflow.notebooks.pvcviewerController.tlsCertSecretName" -}} +{{ printf "%s-%s" (include "kubeflow.notebooks.pvcviewerController.name" .) "tls-certs" }} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.certIssuerName" -}} +{{ printf "%s-%s" (include "kubeflow.notebooks.pvcviewerController.name" .) "selfsigned-issuer" }} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.certName" -}} +{{ printf "%s-%s" (include "kubeflow.notebooks.pvcviewerController.name" .) "cert" }} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.mutatingWebhookName" -}} +{{ printf "%s-%s" (include "kubeflow.notebooks.pvcviewerController.name" .) "mutating" }} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.validatingWebhookName" -}} +{{ printf "%s-%s" (include "kubeflow.notebooks.pvcviewerController.name" .) "validating" }} +{{- end }} + +{{/* +Kubeflow Notebooks PVC Viewer Controller Service. +*/}} +{{- define "kubeflow.notebooks.pvcviewerController.manager.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.notebooks.pvcviewerController.manager.name" . 
+)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.manager.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.notebooks.pvcviewerController.manager.name" .) +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.manager.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.notebooks.pvcviewerController.manager.name" .) +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.manager.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.notebooks.pvcviewerController.manager.name" .) +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.name" . +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.webhook.port" -}} +{{- .Values.notebooks.pvcviewerController.manager.webhook.port }} +{{- end }} + +{{/* +Kubeflow Notebooks PVC Viewer Controller object labels. +*/}} +{{- define "kubeflow.notebooks.pvcviewerController.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.notebooks.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.pvcviewerController.name" .) }} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.notebooks.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.pvcviewerController.name" .) }} +{{- end }} + +{{/* +Kubeflow Notebooks PVC Viewer Controller Manager container image settings. 
+*/}} +{{- define "kubeflow.notebooks.pvcviewerController.manager.image" -}} +{{ include "kubeflow.component.image" ( + list + .Values.defaults.image + .Values.notebooks.pvcviewerController.manager.image +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.manager.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" ( + list + .Values.defaults.image + .Values.notebooks.pvcviewerController.manager.image +)}} +{{- end }} + +{{/* +Kubeflow Notebooks PVC Viewer Controller Kube RBAC Proxy container image settings. +*/}} +{{- define "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.image" -}} +{{ include "kubeflow.component.image" ( + list + .Values.defaults.image + .Values.notebooks.pvcviewerController.kubeRbacProxy.image +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" ( + list + .Values.defaults.image + .Values.notebooks.pvcviewerController.kubeRbacProxy.image +)}} +{{- end }} + +{{/* +Kubeflow Notebooks PVC Viewer Controller Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.notebooks.pvcviewerController.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" ( + list + .Values.defaults.autoscaling + .Values.notebooks.pvcviewerController.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" ( + list + .Values.defaults.autoscaling + .Values.notebooks.pvcviewerController.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.notebooks.pvcviewerController.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.notebooks.pvcviewerController.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.notebooks.pvcviewerController.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Notebooks PVC Viewer Controller Security Context. 
+*/}} +{{- define "kubeflow.notebooks.pvcviewerController.manager.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.notebooks.pvcviewerController.manager.containerSecurityContext +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.notebooks.pvcviewerController.kubeRbacProxy.containerSecurityContext +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.securityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.notebooks.pvcviewerController.securityContext +)}} +{{- end }} + +{{/* +Kubeflow Notebooks PVC Viewer Controller Scheduling. +*/}} +{{- define "kubeflow.notebooks.pvcviewerController.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.notebooks.pvcviewerController.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.nodeSelector" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.nodeSelector + .Values.notebooks.pvcviewerController.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.notebooks.pvcviewerController.tolerations +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.notebooks.pvcviewerController.affinity +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.terminationGracePeriodSeconds" -}} +{{ include 
"kubeflow.component.terminationGracePeriodSeconds" ( + list + .Values.defaults.terminationGracePeriodSeconds + .Values.notebooks.pvcviewerController.terminationGracePeriodSeconds +)}} +{{- end }} + +{{/* +Kubeflow Notebooks PVC Viewer Controller enable and create toggles. +*/}} +{{- define "kubeflow.notebooks.pvcviewerController.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.notebooks.enabled" . | eq "true") + .Values.notebooks.pvcviewerController.enabled +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" ( + list + .Values.defaults.autoscaling + .Values.notebooks.pvcviewerController.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true") + .Values.notebooks.pvcviewerController.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true") + .Values.notebooks.pvcviewerController.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.notebooks.pvcviewerController.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.notebooks.pvcviewerController.enabled" .) + .Values.defaults.podDisruptionBudget + .Values.notebooks.pvcviewerController.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Notebooks PVC Viewer Controller certificate manager. +*/}} +{{- define "kubeflow.notebooks.pvcviewerController.enabledWithCertManager" -}} +{{- ternary true "" ( + and + (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true" ) + (include "kubeflow.certManagerIntegration.enabled" . | eq "true" ) +)}} +{{- end }} 
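Review bot: `kubeflow.notebooks.pvcviewerController.nodeSelector` includes `kubeflow.component.tolerations` while passing the nodeSelector values. The matching helpers for the notebooks controller, jupyterWebApp and volumesWebApp all call `kubeflow.component.nodeSelector`, so this looks like a copy-paste slip and the line should read `{{ include "kubeflow.component.nodeSelector" (`. Separately, `kubeflow.notebooks.pvcviewerController.securityContext` is built with `kubeflow.component.containerSecurityContext` from `.Values.defaults.containerSecurityContext`. If it is rendered as the pod-level `securityContext` (the name suggests so, but the call site is not visible here), container-only fields such as `allowPrivilegeEscalation` or `capabilities` are not part of the pod-level schema, so confirm which level it targets and state it in a comment above the define.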
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.tpl
new file mode 100644
index 00000000..61539601
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.tpl
@@ -0,0 +1,126 @@ +{{/* +Kubeflow Notebooks object names. +*/}} +{{- define "kubeflow.notebooks.baseName" -}} +{{- printf "notebooks" }} +{{- end }} + +{{- define "kubeflow.notebooks.baseRbacName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.notebooks.name" .) }} +{{- end }} + +{{- define "kubeflow.notebooks.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.notebooks.baseName" .) + . +)}} +{{- end }} + +{{/* +Kubeflow Notebooks object labels. +*/}} +{{- define "kubeflow.notebooks.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.notebooks.name" .) }} +{{- end }} + +{{- define "kubeflow.notebooks.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.notebooks.name" .) }} +{{- end }} + +{{/* +Kubeflow Notebooks container image settings. +*/}} +{{- define "kubeflow.notebooks.image" -}} +{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.notebooks.image) }} +{{- end }} + +{{- define "kubeflow.notebooks.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.notebooks.image) }} +{{- end }} + +{{/* +Kubeflow Notebooks Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.notebooks.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.notebooks.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.notebooks.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.notebooks.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.notebooks.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.notebooks.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.notebooks.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Security Context. +*/}} +{{- define "kubeflow.notebooks.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.notebooks.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Scheduling. 
+*/}} +{{- define "kubeflow.notebooks.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.notebooks.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.notebooks.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.notebooks.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.notebooks.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.notebooks.tolerations +)}} +{{- end }} + +{{- define "kubeflow.notebooks.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.notebooks.affinity +)}} +{{- end }} + +{{/* +Kubeflow Notebooks enable and create toggles. +*/}} +{{- define "kubeflow.notebooks.enabled" -}} +{{- ternary true "" .Values.notebooks.enabled }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.volumesWebApp.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.volumesWebApp.tpl new file mode 100644 index 00000000..600147a4 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.volumesWebApp.tpl 
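Review bot: The comment above `kubeflow.notebooks.enabled` does not say what the helper renders, even though every sub-component toggle in the sibling files depends on it through `include "kubeflow.notebooks.enabled" . | eq "true"`. I would extend the comment to something like `Renders "true" when .Values.notebooks.enabled is set and an empty string otherwise; compare the result with eq "true".` That way the string-based contract is written down where it is defined.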
@@ -0,0 +1,229 @@ +{{/* +Kubeflow Notebooks Volumes Web App object names. +*/}} +{{- define "kubeflow.notebooks.volumesWebApp.baseName" -}} +{{- printf "volumes-web-app" }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.notebooks.volumesWebApp.baseName" .) + . +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Volumes Web App object labels. +*/}} +{{- define "kubeflow.notebooks.volumesWebApp.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.notebooks.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.volumesWebApp.name" .) }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.notebooks.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.volumesWebApp.name" .) 
}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.image" -}} +{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.notebooks.volumesWebApp.image) }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.viewerImage" -}} +{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.notebooks.volumesWebApp.config.viewer.image) }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.notebooks.volumesWebApp.image) }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.notebooks.volumesWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.notebooks.volumesWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.notebooks.volumesWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.notebooks.volumesWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.notebooks.volumesWebApp.autoscaling) }} +{{- end }} + + +{{- define "kubeflow.notebooks.volumesWebApp.configMapName" -}} +{{- printf "%s-%s" (include "kubeflow.notebooks.volumesWebApp.name" .) 
"viewer-spec" }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.mainClusterRoleName" -}} +{{- printf "%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.notebooks.volumesWebApp.name" .) +}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.mainClusterRoleBindingName" -}} +{{- include "kubeflow.notebooks.volumesWebApp.mainClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.kfVolUiAdminClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "volumes-ui-admin" }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.kfVolUiEditClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "volumes-ui-edit" }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.kfVolUiViewClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "volumes-ui-view" }} +{{- end }} + +{{/* +Kubeflow Notebooks Volumes Web App enable and create toggles. +*/}} +{{- define "kubeflow.notebooks.volumesWebApp.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.notebooks.enabled" . | eq "true") + .Values.notebooks.volumesWebApp.enabled +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.createIstioIntegrationObjects" -}} +{{- ternary true "" ( + and + .Values.istioIntegration.enabled + (include "kubeflow.notebooks.volumesWebApp.enabled" . | eq "true" ) +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.notebooks.volumesWebApp.enabled" . | eq "true") + .Values.notebooks.volumesWebApp.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.notebooks.volumesWebApp.enabled" . 
| eq "true") + .Values.notebooks.volumesWebApp.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" (list (include "kubeflow.notebooks.volumesWebApp.name" .) .Values.notebooks.volumesWebApp.serviceAccount) }} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.authorizationPolicyExtAuthName" -}} +{{ include "kubeflow.component.authorizationPolicyExtAuthName" ( + list + (include "kubeflow.notebooks.volumesWebApp.name" .) + .Values.istioIntegration +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Volumes Web App Service. +*/}} +{{- define "kubeflow.notebooks.volumesWebApp.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.notebooks.volumesWebApp.name" . +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.notebooks.volumesWebApp.name" .) +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.notebooks.volumesWebApp.name" .) +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.notebooks.volumesWebApp.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Notebooks Volumes Web App Security Context. 
+*/}} +{{- define "kubeflow.notebooks.volumesWebApp.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.notebooks.volumesWebApp.containerSecurityContext +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.notebooks.volumesWebApp.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.notebooks.volumesWebApp.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.notebooks.volumesWebApp.tolerations +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.notebooks.volumesWebApp.affinity +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.notebooks.volumesWebApp.enabled" .) + .Values.defaults.podDisruptionBudget + .Values.notebooks.volumesWebApp.podDisruptionBudget +)}} +{{- end }} + +{{- define "kubeflow.notebooks.volumesWebApp.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.notebooks.volumesWebApp.podDisruptionBudget +)}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.oauth2ProxyIntegration.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.oauth2ProxyIntegration.tpl new file mode 100644 index 00000000..aa4170a3 --- /dev/null 
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.oauth2ProxyIntegration.tpl
@@ -0,0 +1,6 @@
+{{- define "kubeflow.oauth2ProxyIntegration.istio.enabled" -}}
+{{- and
+ (include "kubeflow.istioIntegration.enabled" . | eq "true" )
+ .Values.oauth2ProxyIntegration.enabled
+}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.config.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.config.tpl
new file mode 100644
index 00000000..a86fc88f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.config.tpl
@@ -0,0 +1,108 @@ +{{/* +Kubeflow Pipelines Cache config. +*/}} + +{{/* +Environment names for the env spec parametrization. +*/}} +{{- define "kubeflow.pipelines.cache.config.db.user.env.name" -}} +{{- "DBCONFIG_USER" }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.config.db.password.env.name" -}} +{{- "DBCONFIG_PASSWORD" }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.config.db.host.env.name" -}} +{{- "DBCONFIG_HOST" }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.config.db.port.env.name" -}} +{{- "DBCONFIG_PORT" }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.config.db.cacheDatabaseName.env.name" -}} +{{- "DBCONFIG_CACHE_DB_NAME" }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.config.db.driver.env.name" -}} +{{- "DBCONFIG_DRIVER" }} +{{- end }} + + +{{/* +Environment Entries parametrization with plaintext value +or through Secrets. +*/}} +{{- define "kubeflow.pipelines.cache.config.db.user.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.cache.config.db.user.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.user +) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.config.db.password.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.cache.config.db.password.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.password +) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.config.db.host.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.cache.config.db.host.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.host +) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.config.db.port.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.cache.config.db.port.env.name" . 
) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.port +) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.config.db.cacheDatabaseName.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.cache.config.db.cacheDatabaseName.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.cacheDatabaseName +) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.config.db.pipelineDatabaseName.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.cache.config.db.pipelineDatabaseName.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.pipelineDatabaseName +) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.config.db.conMaxLifetime.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.cache.config.db.conMaxLifetime.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.conMaxLifetime +) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.config.db.driver.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.cache.config.db.driver.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.driver +) }} +{{- end }} + diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.tpl new file mode 100644 index 00000000..28654916 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.tpl 
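Review bot: `kubeflow.pipelines.cache.config.db.pipelineDatabaseName.env.spec` and `kubeflow.pipelines.cache.config.db.conMaxLifetime.env.spec` include `…pipelineDatabaseName.env.name` and `…conMaxLifetime.env.name`, but this file defines env-name helpers only for user, password, host, port, cacheDatabaseName and driver. Unless those two names are defined in another template file, rendering either spec fails with a missing-template error the first time it is used. Either add the two `define` blocks next to the existing ones or drop the two specs if the cache server does not consume them. The environment variable names the cache server expects are not visible here, so they should be confirmed against the upstream deployment rather than guessed.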
@@ -0,0 +1,252 @@ +{{/* +Kubeflow Pipelines Cache object names. +*/}} +{{- define "kubeflow.pipelines.cache.baseName" -}} +{{- printf "ml-pipeline-cache" }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.pipelines.cache.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.pipelines.cache.name" .) + .Values.pipelines.cache.serviceAccount) +}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.serviceAccountPrincipal" -}} +{{- include "kubeflow.component.serviceAccountPrincipal" ( + list + . + (include "kubeflow.pipelines.cache.serviceAccountName" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.roleName" -}} +{{- include "kubeflow.pipelines.cache.name" . }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.roleBindingName" -}} +{{- include "kubeflow.pipelines.cache.roleName" . }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.tlsCertSecretName" -}} +{{ printf "%s-%s" (include "kubeflow.pipelines.cache.name" .) "tls-certs" }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.certIssuerName" -}} +{{ printf "%s-%s" (include "kubeflow.pipelines.cache.name" .) "selfsigned-issuer" }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.certName" -}} +{{ printf "%s-%s" (include "kubeflow.pipelines.cache.name" .) "cert" }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.webhookName" -}} +{{ print (include "kubeflow.pipelines.cache.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines Cache Service. +*/}} +{{- define "kubeflow.pipelines.cache.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.pipelines.cache.name" . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.pipelines.cache.name" .) 
+)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.pipelines.cache.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.pipelines.cache.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Cache object labels. +*/}} +{{- define "kubeflow.pipelines.cache.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.cache.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.cache.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.cacheEnabledLabel" -}} +pipelines.kubeflow.org/cache_enabled: "true" +{{- end }} + +{{- define "kubeflow.pipelines.cache.cacheDisabledLabel" -}} +pipelines.kubeflow.org/cache_enabled: "false" +{{- end }} + +{{/* +Kubeflow Pipelines Cache container image settings. +*/}} +{{- define "kubeflow.pipelines.cache.image" -}} +{{- include "kubeflow.pipelines.image" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.cache.image +)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.imagePullPolicy" -}} +{{- include "kubeflow.pipelines.imagePullPolicy" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.cache.image +)}} +{{- end }} + + +{{/* +Kubeflow Pipelines Cache Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.pipelines.cache.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.cache.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.cache.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.cache.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.cache.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.cache.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.cache.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.pipelines.cache.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Cache Security Context. +*/}} +{{- define "kubeflow.pipelines.cache.containerSecurityContext" -}} +{{- include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.pipelines.cache.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Cache Scheduling. 
+*/}} +{{- define "kubeflow.pipelines.cache.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.pipelines.cache.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.pipelines.cache.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.pipelines.cache.tolerations +)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.pipelines.cache.affinity +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Cache enable and create toggles. +*/}} +{{- define "kubeflow.pipelines.cache.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.enabled" . | eq "true") + .Values.pipelines.cache.enabled +)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.cache.enabled" . | eq "true") + .Values.pipelines.cache.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.createServiceAccount" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.cache.enabled" . | eq "true") + .Values.pipelines.cache.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.enabledWithCertManager" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.cache.enabled" . | eq "true" ) + (include "kubeflow.certManagerIntegration.enabled" . | eq "true" ) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.cache.createIstioIntegrationObjects" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.cache.enabled" . | eq "true" ) + .Values.istioIntegration.enabled +)}} +{{- end }} 
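Review bot: `kubeflow.pipelines.cache.createIstioIntegrationObjects` tests `.Values.istioIntegration.enabled` directly, while `kubeflow.pipelines.cache.enabledWithCertManager` just above goes through `include "kubeflow.certManagerIntegration.enabled" . | eq "true"`, and the oauth2-proxy helper in this commit goes through `include "kubeflow.istioIntegration.enabled"`. If that shared helper carries any condition beyond the raw flag, this toggle will disagree with it, and the objects it gates are presumably the Istio policies in front of the cache webhook service. I would use the helper here as well: `(include "kubeflow.istioIntegration.enabled" . | eq "true" )`. `kubeflow.pipelines.metadataGrpcServer.createIstioIntegrationObjects` has the same shape.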
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataEnvoy.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataEnvoy.tpl
new file mode 100644
index 00000000..34ed877b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataEnvoy.tpl
@@ -0,0 +1,197 @@ +{{/* +Kubeflow Pipelines Metadata Envoy object names. +*/}} +{{- define "kubeflow.pipelines.metadataEnvoy.baseName" -}} +{{- printf "ml-pipeline-metadata-envoy" }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.pipelines.metadataEnvoy.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.pipelines.metadataEnvoy.name" .) + .Values.pipelines.metadataEnvoy.serviceAccount) +}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.roleName" -}} +{{- include "kubeflow.pipelines.metadataEnvoy.name" . }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.roleBindingName" -}} +{{- include "kubeflow.pipelines.metadataEnvoy.roleName" . }} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata Envoy Service. +*/}} +{{- define "kubeflow.pipelines.metadataEnvoy.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.pipelines.metadataEnvoy.name" . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.pipelines.metadataEnvoy.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata Envoy object labels. +*/}} +{{- define "kubeflow.pipelines.metadataEnvoy.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.metadataEnvoy.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) 
}} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.metadataEnvoy.name" .) }} +{{- end }} + + +{{/* +Kubeflow Pipelines Metadata Envoy container image settings. +*/}} +{{- define "kubeflow.pipelines.metadataEnvoy.image" -}} +{{- include "kubeflow.pipelines.image" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.metadataEnvoy.image +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.imagePullPolicy" -}} +{{- include "kubeflow.pipelines.imagePullPolicy" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.metadataEnvoy.image +)}} +{{- end }} + + +{{/* +Kubeflow Pipelines Metadata Envoy Autoscaling and Availability. +*/}} +{{- define "kubeflow.pipelines.metadataEnvoy.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.metadataEnvoy.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.metadataEnvoy.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.metadataEnvoy.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.metadataEnvoy.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.metadataEnvoy.autoscaling) }} +{{- end }} + +{{- define 
"kubeflow.pipelines.metadataEnvoy.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.pipelines.metadataEnvoy.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata Envoy Security Context. +*/}} +{{- define "kubeflow.pipelines.metadataEnvoy.containerSecurityContext" -}} +{{- include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.pipelines.metadataEnvoy.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata Envoy Scheduling. +*/}} +{{- define "kubeflow.pipelines.metadataEnvoy.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.pipelines.metadataEnvoy.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.pipelines.metadataEnvoy.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.pipelines.metadataEnvoy.tolerations +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataEnvoy.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.pipelines.metadataEnvoy.affinity +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata Envoy enable and create toggles. +*/}} +{{- define "kubeflow.pipelines.metadataEnvoy.enabled" -}} +{{- and + (include "kubeflow.pipelines.enabled" . | eq "true") + .Values.pipelines.metadataEnvoy.enabled +}} +{{- end }} + +{{/* +NOTE: Currently metadata-envoy doesn't define any rbac. +Let's be consistent and define functions around Service Account and RBAC. 
+*/}} +{{- define "kubeflow.pipelines.metadataEnvoy.rbac.createRoles" -}} +{{- and + (include "kubeflow.pipelines.metadataEnvoy.enabled" . | eq "true") + (((default (dict "create" false) .Values.pipelines.metadataEnvoy.rbac).create)) + .Values.pipelines.metadataEnvoy.rbac.create }} +{{- end }} + +{{/* +NOTE: metadata-envoy doesn't define ServiceAccount. +Let's be consistent and define functions around Service Account and RBAC. + +TODO: creation of service account shouldn't depend on if rbac is created. +People might want to define their own RBAC. +*/}} +{{- define "kubeflow.pipelines.metadataEnvoy.createServiceAccount" -}} +{{- and + (include "kubeflow.pipelines.metadataEnvoy.enabled" . | eq "true") + .Values.pipelines.metadataEnvoy.serviceAccount.create +}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.config.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.config.tpl new file mode 100644 index 00000000..ce8449e1 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.config.tpl 
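Review bot: In `kubeflow.pipelines.metadataEnvoy.rbac.createRoles` the second argument guards against a missing `rbac` map with `default (dict "create" false)`, but the third argument then reads `.Values.pipelines.metadataEnvoy.rbac.create` with no guard. On a template engine where `and` evaluates all of its arguments, an absent `rbac` key still raises a nil-pointer render error, so the guard is defeated; where `and` short-circuits, the third argument is only redundant. Dropping the last argument keeps the intent. Separately, the TODO above `kubeflow.pipelines.metadataEnvoy.createServiceAccount` talks about a dependency on RBAC creation, while the helper only checks `serviceAccount.create`, so that comment appears stale.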
@@ -0,0 +1,76 @@ +{{/* +Kubeflow Pipelines Metadata GRPC Server config. +*/}} + +{{/* +Environment names. +*/}} +{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.user.env.name" -}} +{{- "DBCONFIG_USER" }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.password.env.name" -}} +{{- "DBCONFIG_PASSWORD" }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.host.env.name" -}} +{{- "DBCONFIG_HOST" }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.port.env.name" -}} +{{- "DBCONFIG_PORT" }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.mlmdDatabaseName.env.name" -}} +{{- "DBCONFIG_MLMD_DB_NAME" }} +{{- end }} + + +{{/* +Environment Entries parametrization with plaintext value +or through Secrets. +*/}} +{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.user.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.metadataGrpcServer.config.db.user.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.user +) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.password.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.metadataGrpcServer.config.db.password.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.password +) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.host.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.metadataGrpcServer.config.db.host.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.host +) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.port.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.metadataGrpcServer.config.db.port.env.name" . 
) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.port +) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.mlmdDatabaseName.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.metadataGrpcServer.config.db.mlmdDatabaseName.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.mlmdDatabaseName +) }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.tpl new file mode 100644 index 00000000..067db59d --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.tpl 
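Review bot: `kubeflow.pipelines.metadataGrpcServer.config.db.password.env.spec` passes `kubeflow.component.env.spec` both `existingSecretName` and the literal `.Values.pipelines.config.db.password`, and the header comment says entries are rendered "with plaintext value or through Secrets". `kubeflow.component.env.spec` is not part of this hunk, but if its plaintext branch emits `value:`, the database password lands in the workload's pod spec and in the Helm release data, readable by anyone allowed to get the workload. I would document the secret path as the expected one for the password, e.g. `{{/* Password: set pipelines.config.db.existingSecretName; a plaintext value is rendered into the pod spec. */}}`, or have the chart render its own Secret for the plaintext case. The same applies to `kubeflow.pipelines.cache.config.db.password.env.spec`.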
@@ -0,0 +1,209 @@ +{{/* +Kubeflow Pipelines Metadata GRPC Server object names. +*/}} +{{- define "kubeflow.pipelines.metadataGrpcServer.baseName" -}} +{{- printf "ml-pipeline-metadata-grpc-server" }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.pipelines.metadataGrpcServer.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.pipelines.metadataGrpcServer.name" .) + .Values.pipelines.metadataGrpcServer.serviceAccount) +}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.roleName" -}} +{{- include "kubeflow.pipelines.metadataGrpcServer.name" . }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.roleBindingName" -}} +{{- include "kubeflow.pipelines.metadataGrpcServer.roleName" . }} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata GRPC Server Service. +*/}} +{{- define "kubeflow.pipelines.metadataGrpcServer.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.pipelines.metadataGrpcServer.name" . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.pipelines.metadataGrpcServer.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.pipelines.metadataGrpcServer.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.pipelines.metadataGrpcServer.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata GRPC Server object labels. 
+*/}} +{{- define "kubeflow.pipelines.metadataGrpcServer.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.metadataGrpcServer.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.metadataGrpcServer.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata GRPC Server container image settings. +*/}} +{{- define "kubeflow.pipelines.metadataGrpcServer.image" -}} +{{- include "kubeflow.pipelines.image" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.metadataGrpcServer.image +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.imagePullPolicy" -}} +{{- include "kubeflow.pipelines.imagePullPolicy" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.metadataGrpcServer.image +)}} +{{- end }} + + +{{/* +Kubeflow Pipelines Metadata GRPC Server Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.pipelines.metadataGrpcServer.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.metadataGrpcServer.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.metadataGrpcServer.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.metadataGrpcServer.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.metadataGrpcServer.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.metadataGrpcServer.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.pipelines.metadataGrpcServer.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata GRPC Server Security Context. +*/}} +{{- define "kubeflow.pipelines.metadataGrpcServer.containerSecurityContext" -}} +{{- include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.pipelines.metadataGrpcServer.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata GRPC Server Scheduling. 
+*/}} +{{- define "kubeflow.pipelines.metadataGrpcServer.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.pipelines.metadataGrpcServer.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.pipelines.metadataGrpcServer.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.pipelines.metadataGrpcServer.tolerations +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.pipelines.metadataGrpcServer.affinity +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata GRPC Server enable and create toggles. +*/}} +{{- define "kubeflow.pipelines.metadataGrpcServer.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.enabled" . | eq "true") + .Values.pipelines.metadataGrpcServer.enabled +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.rbac.createRoles" -}} +{{- and + (include "kubeflow.pipelines.metadataGrpcServer.enabled" . | eq "true") + .Values.pipelines.metadataGrpcServer.rbac.create }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.createServiceAccount" -}} +{{- and + (include "kubeflow.pipelines.metadataGrpcServer.enabled" . | eq "true") + .Values.pipelines.metadataGrpcServer.serviceAccount.create +}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataGrpcServer.createIstioIntegrationObjects" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.metadataGrpcServer.enabled" . | eq "true" ) + .Values.istioIntegration.enabled +)}} +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataWriter.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataWriter.tpl
new file mode 100644
index 00000000..7185d771
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataWriter.tpl
@@ -0,0 +1,204 @@ +{{/* +Kubeflow Pipelines Metadata Writer object names. +*/}} +{{- define "kubeflow.pipelines.metadataWriter.baseName" -}} +{{- printf "ml-pipeline-metadata-writer" }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.pipelines.metadataWriter.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.pipelines.metadataWriter.name" .) + .Values.pipelines.metadataWriter.serviceAccount) +}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.roleName" -}} +{{- include "kubeflow.pipelines.metadataWriter.name" . }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.roleBindingName" -}} +{{- include "kubeflow.pipelines.metadataWriter.roleName" . }} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata Writer Service. +*/}} +{{- define "kubeflow.pipelines.metadataWriter.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.pipelines.metadataWriter.name" . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.pipelines.metadataWriter.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.pipelines.metadataWriter.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.pipelines.metadataWriter.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata Writer object labels. +*/}} +{{- define "kubeflow.pipelines.metadataWriter.labels" -}} +{{ include "kubeflow.common.labels" . 
}} +{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.metadataWriter.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.metadataWriter.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata Writer container image settings. +*/}} +{{- define "kubeflow.pipelines.metadataWriter.image" -}} +{{- include "kubeflow.pipelines.image" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.metadataWriter.image +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.imagePullPolicy" -}} +{{- include "kubeflow.pipelines.imagePullPolicy" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.metadataWriter.image +)}} +{{- end }} + + +{{/* +Kubeflow Pipelines Metadata Writer Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.pipelines.metadataWriter.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.metadataWriter.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.metadataWriter.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.metadataWriter.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.metadataWriter.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.metadataWriter.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.pipelines.metadataWriter.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata Writer Security Context. +*/}} +{{- define "kubeflow.pipelines.metadataWriter.containerSecurityContext" -}} +{{- include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.pipelines.metadataWriter.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata Writer Scheduling. 
+*/}} +{{- define "kubeflow.pipelines.metadataWriter.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.pipelines.metadataWriter.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.pipelines.metadataWriter.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.pipelines.metadataWriter.tolerations +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.pipelines.metadataWriter.affinity +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Metadata Writer enable and create toggles. +*/}} +{{- define "kubeflow.pipelines.metadataWriter.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.enabled" . | eq "true") + .Values.pipelines.metadataWriter.enabled +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.metadataWriter.enabled" . | eq "true") + .Values.pipelines.metadataWriter.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.pipelines.metadataWriter.createServiceAccount" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.metadataWriter.enabled" . | eq "true") + .Values.pipelines.metadataWriter.serviceAccount.create +)}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.config.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.config.tpl new file mode 100644 index 00000000..ae1fb959 --- /dev/null 
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.config.tpl 
@@ -0,0 +1,243 @@ +{{/* +Kubeflow Pipelines ML Pipeline (api-server) config. +*/}} + +{{/* +NOTE/TODO: KFP 2.0.2 supports postresql. This needs to be handled. +https://github.com/kubeflow/pipelines/blob/2.0.2/backend/src/apiserver/client_manager/client_manager.go#L47 + +relic variables +https://github.com/kubeflow/pipelines/blob/2.0.2/manifests/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml#L36 + +mysql config +https://github.com/kubeflow/pipelines/blob/2.0.2/manifests/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml#L73 + +DBConfig.MySQLConfig.Host == DBCONFIG_MYSQLCONFIG_HOST +DBConfig.PostgreSQLConfig.Host == DBCONFIG_POSTGRESQLCONFIG_HOST +*/}} + +{{/* +Environment names for database config. +*/}} + +# This env name is currently hardcoded: +# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L46 +{{- define "kubeflow.pipelines.mlPipeline.config.db.user.env.name" -}} +{{- "DBCONFIG_MYSQLCONFIG_USER" }} +{{- end }} + +# This env name is currently hardcoded: +# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L47 +{{- define "kubeflow.pipelines.mlPipeline.config.db.password.env.name" -}} +{{- "DBCONFIG_MYSQLCONFIG_PASSWORD" }} +{{- end }} + +# This env name is currently hardcoded: +# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L44 +{{- define "kubeflow.pipelines.mlPipeline.config.db.host.env.name" -}} +{{- "DBCONFIG_MYSQLCONFIG_HOST" }} +{{- end }} + +# This env name is currently hardcoded: +# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L45 +{{- define "kubeflow.pipelines.mlPipeline.config.db.port.env.name" -}} +{{- "DBCONFIG_MYSQLCONFIG_PORT" }} +{{- end }} + +# This env name is currently hardcoded: +# 
https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L48 +{{- define "kubeflow.pipelines.mlPipeline.config.db.pipelineDatabaseName.env.name" -}} +{{- "DBCONFIG_MYSQLCONFIG_DBNAME" }} +{{- end }} + +# This env name is currently hardcoded: +# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L53 +{{- define "kubeflow.pipelines.mlPipeline.config.db.conMaxLifetime.env.name" -}} +{{- "DBCONFIG_CONMAXLIFETIME" }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.db.driver.env.name" -}} +{{- "DB_DRIVER_NAME" }} +{{- end }} + +{{/* +Environment names for object store config. +*/}} + +# This env name is currently hardcoded: +# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L408 +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.secure.env.name" -}} +{{- "OBJECTSTORECONFIG_SECURE" }} +{{- end }} + +# This env name is currently hardcoded: +# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L411 +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.bucketName.env.name" -}} +{{- "OBJECTSTORECONFIG_BUCKETNAME" }} +{{- end }} + +# This env name is currently hardcoded: +# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L402 +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.host.env.name" -}} +{{- "OBJECTSTORECONFIG_HOST" }} +{{- end }} + +# This env name is currently hardcoded: +# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L409 +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.accessKey.env.name" -}} +{{- "OBJECTSTORECONFIG_ACCESSKEY" }} +{{- end }} + +# This env name is 
currently hardcoded: +# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L410 +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.secretAccessKey.env.name" -}} +{{- "OBJECTSTORECONFIG_SECRETACCESSKEY" }} +{{- end }} + +# This env name is currently hardcoded: +# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L403 +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.port.env.name" -}} +{{- "OBJECTSTORECONFIG_PORT" }} +{{- end }} + +# This env name is currently hardcoded: +# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L405 +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.region.env.name" -}} +{{- "OBJECTSTORECONFIG_REGION" }} +{{- end }} + +{{/* +Environment Entries parametrization for database configuration with plaintext +value or through Secrets. +*/}} + +{{- define "kubeflow.pipelines.mlPipeline.config.db.user.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.db.user.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.user +) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.db.password.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.db.password.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.password +) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.db.host.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.db.host.env.name" . 
) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.host +) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.db.port.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.db.port.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.port +) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.db.pipelineDatabaseName.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.db.pipelineDatabaseName.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.pipelineDatabaseName +) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.db.conMaxLifetime.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.db.conMaxLifetime.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.conMaxLifetime +) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.db.driver.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.db.driver.env.name" . ) + .Values.pipelines.config.db.existingSecretName + .Values.pipelines.config.db.driver +) }} +{{- end }} + +{{/* +Environment Entries parametrization for object store config with plaintext value +or through Secrets. +*/}} + +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.secure.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.objectStore.secure.env.name" . 
) + .Values.pipelines.config.objectStore.existingSecretName + .Values.pipelines.config.objectStore.secure +) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.bucketName.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.objectStore.bucketName.env.name" . ) + .Values.pipelines.config.objectStore.existingSecretName + .Values.pipelines.config.objectStore.bucketName +) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.host.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.objectStore.host.env.name" . ) + .Values.pipelines.config.objectStore.existingSecretName + .Values.pipelines.config.objectStore.host +) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.accessKey.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.objectStore.accessKey.env.name" . ) + .Values.pipelines.config.objectStore.existingSecretName + .Values.pipelines.config.objectStore.accessKey +) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.secretAccessKey.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.objectStore.secretAccessKey.env.name" . ) + .Values.pipelines.config.objectStore.existingSecretName + .Values.pipelines.config.objectStore.secretAccessKey +) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.port.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.objectStore.port.env.name" . 
) + .Values.pipelines.config.objectStore.existingSecretName + .Values.pipelines.config.objectStore.port +) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.region.env.spec" -}} +{{- include "kubeflow.component.env.spec" ( + list + (include "kubeflow.pipelines.mlPipeline.config.objectStore.region.env.name" . ) + .Values.pipelines.config.objectStore.existingSecretName + .Values.pipelines.config.objectStore.region +) }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.tpl new file mode 100644 index 00000000..01c46265 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.tpl 
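Review bot: The `db.password.env.spec`, `objectStore.accessKey.env.spec` and `objectStore.secretAccessKey.env.spec` helpers accept a plaintext value from `.Values.pipelines.config.*` as an alternative to `existingSecretName`, as the section comment ("with plaintext value or through Secrets") says. `kubeflow.component.env.spec` is defined outside this hunk, but if it emits a literal `value:` when no secret name is set, the credentials end up in the rendered Deployment spec and in the stored Helm release, readable by anyone who can get Deployments or Pods in the namespace. For the three credential helpers I would make the Secret mandatory, e.g. pass `(required "pipelines.config.db.existingSecretName must be set for the DB password" .Values.pipelines.config.db.existingSecretName)` as the second list item, and keep the plaintext path for host, port and other non-secret settings. The same applies to the `MINIO_ACCESS_KEY`/`MINIO_SECRET_KEY` helpers in kubeflow.pipelines.profileController.config.tpl.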
@@ -0,0 +1,220 @@ +{{/* +Kubeflow Pipelines ML Pipeline (api-server) object names. +*/}} +{{- define "kubeflow.pipelines.mlPipeline.baseName" -}} +{{- printf "ml-pipeline" }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.pipelines.mlPipeline.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.pipelines.mlPipeline.name" .) + .Values.pipelines.mlPipeline.serviceAccount) +}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.serviceAccountPrincipal" -}} +{{- include "kubeflow.component.serviceAccountPrincipal" ( + list + . + (include "kubeflow.pipelines.mlPipeline.serviceAccountName" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.roleName" -}} +{{- include "kubeflow.pipelines.mlPipeline.name" . }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.roleBindingName" -}} +{{- include "kubeflow.pipelines.mlPipeline.roleName" . }} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline Service. +*/}} +{{- define "kubeflow.pipelines.mlPipeline.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.pipelines.mlPipeline.name" . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.pipelines.mlPipeline.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.pipelines.mlPipeline.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.pipelines.mlPipeline.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline object labels. 
+*/}} +{{- define "kubeflow.pipelines.mlPipeline.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.mlPipeline.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.mlPipeline.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline container image settings. +*/}} +{{- define "kubeflow.pipelines.mlPipeline.image" -}} +{{- include "kubeflow.pipelines.image" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.mlPipeline.image +)}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.imagePullPolicy" -}} +{{- include "kubeflow.pipelines.imagePullPolicy" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.mlPipeline.image +)}} +{{- end }} + + +{{/* +Kubeflow Pipelines ML Pipeline Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.pipelines.mlPipeline.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.mlPipeline.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.mlPipeline.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.mlPipeline.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.mlPipeline.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.mlPipeline.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.pipelines.mlPipeline.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline Security Context. +*/}} +{{- define "kubeflow.pipelines.mlPipeline.containerSecurityContext" -}} +{{- include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.pipelines.mlPipeline.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline Scheduling. 
+*/}} +{{- define "kubeflow.pipelines.mlPipeline.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.pipelines.mlPipeline.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.pipelines.mlPipeline.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.pipelines.mlPipeline.tolerations +)}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.pipelines.mlPipeline.affinity +)}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline enable and create toggles. +*/}} +{{- define "kubeflow.pipelines.mlPipeline.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.enabled" . | eq "true") + .Values.pipelines.mlPipeline.enabled +)}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.mlPipeline.enabled" . | eq "true") + .Values.pipelines.mlPipeline.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.createServiceAccount" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.mlPipeline.enabled" . | eq "true") + .Values.pipelines.mlPipeline.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.pipelines.mlPipeline.createIstioIntegrationObjects" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.mlPipeline.enabled" . | eq "true" ) + .Values.istioIntegration.enabled +)}} +{{- end }} 
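Review bot: The toggle helpers at the end of this file (`enabled`, `rbac.createRoles`, `createServiceAccount`, `createIstioIntegrationObjects`) do not document what they render, and their callers depend on it: `ternary true "" (...)` yields the string `true` or an empty string, so both `if include ...` and `include ... | eq "true"` behave as expected. Since `rbac.createRoles` and `createServiceAccount` decide whether RBAC objects are created, I would extend the section comment with something like `Each helper renders "true" when the object should be created and an empty string otherwise.` so that helpers added later keep the same contract.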
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.persistenceAgent.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.persistenceAgent.tpl
new file mode 100644
index 00000000..8cabf331
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.persistenceAgent.tpl
@@ -0,0 +1,208 @@ +{{/* +Kubeflow Pipelines Persistence Agent object names. +*/}} +{{- define "kubeflow.pipelines.persistenceAgent.baseName" -}} +{{- printf "ml-pipeline-persistenceagent" }} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.pipelines.persistenceAgent.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.pipelines.persistenceAgent.name" .) + .Values.pipelines.persistenceAgent.serviceAccount) +}} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.serviceAccountPrincipal" -}} +{{- include "kubeflow.component.serviceAccountPrincipal" ( + list + . + (include "kubeflow.pipelines.persistenceAgent.serviceAccountName" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.roleName" -}} +{{- include "kubeflow.pipelines.persistenceAgent.name" . }} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.roleBindingName" -}} +{{- include "kubeflow.pipelines.persistenceAgent.roleName" . }} +{{- end }} + +{{/* +Kubeflow Pipelines Persistence Agent Service. +*/}} +{{- define "kubeflow.pipelines.persistenceAgent.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.pipelines.persistenceAgent.name" . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.pipelines.persistenceAgent.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.pipelines.persistenceAgent.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . 
+ (include "kubeflow.pipelines.persistenceAgent.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Persistence Agent object labels. +*/}} +{{- define "kubeflow.pipelines.persistenceAgent.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.persistenceAgent.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.persistenceAgent.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines Persistence Agent container image settings. +*/}} +{{- define "kubeflow.pipelines.persistenceAgent.image" -}} +{{- include "kubeflow.pipelines.image" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.persistenceAgent.image +)}} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.imagePullPolicy" -}} +{{- include "kubeflow.pipelines.imagePullPolicy" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.persistenceAgent.image +)}} +{{- end }} + + +{{/* +Kubeflow Pipelines Persistence Agent Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.pipelines.persistenceAgent.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.persistenceAgent.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.persistenceAgent.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.persistenceAgent.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.persistenceAgent.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.persistenceAgent.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.pipelines.persistenceAgent.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Persistence Agent Security Context. +*/}} +{{- define "kubeflow.pipelines.persistenceAgent.containerSecurityContext" -}} +{{- include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.pipelines.persistenceAgent.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Persistence Agent Scheduling. 
+*/}} +{{- define "kubeflow.pipelines.persistenceAgent.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.pipelines.persistenceAgent.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.pipelines.persistenceAgent.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.pipelines.persistenceAgent.tolerations +)}} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.pipelines.persistenceAgent.affinity +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Persistence Agent enable and create toggles. +*/}} +{{- define "kubeflow.pipelines.persistenceAgent.enabled" -}} +{{- and + (include "kubeflow.pipelines.enabled" . | eq "true") + .Values.pipelines.persistenceAgent.enabled +}} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.rbac.createRoles" -}} +{{- and + (include "kubeflow.pipelines.persistenceAgent.enabled" . | eq "true") + .Values.pipelines.persistenceAgent.rbac.create }} +{{- end }} + +{{- define "kubeflow.pipelines.persistenceAgent.createServiceAccount" -}} +{{- and + (include "kubeflow.pipelines.persistenceAgent.enabled" . | eq "true") + .Values.pipelines.persistenceAgent.serviceAccount.create +}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.config.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.config.tpl new file mode 100644 index 00000000..e32e67db --- /dev/null 
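Review bot: The three toggle helpers at the end of this file (`enabled`, `rbac.createRoles`, `createServiceAccount`) render the result of `and` directly, so a disabled toggle renders the non-empty string `false`, whereas the same helpers in the mlPipeline and profileController files wrap it in `ternary true ""` and render an empty string. A caller that writes `if include "kubeflow.pipelines.persistenceAgent.rbac.createRoles" .` would then treat the disabled case as true and still create the Role or ServiceAccount; callers that compare with `eq "true"` are unaffected, and the callers are not visible here. I would align them with the siblings, e.g. `{{- ternary true "" (and (include "kubeflow.pipelines.enabled" . | eq "true") .Values.pipelines.persistenceAgent.enabled) }}`, and likewise for the other two.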
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.config.tpl
@@ -0,0 +1,51 @@
+{{/*
+Kubeflow Pipelines Profile Controller config.
+*/}}
+
+{{/*
+Environment names for object store config.
+*/}}
+
+{{- define "kubeflow.pipelines.profileController.config.objectStore.host.env.name" -}}
+{{- "MINIO_HOST" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.config.objectStore.accessKey.env.name" -}}
+{{- "MINIO_ACCESS_KEY" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.config.objectStore.secretAccessKey.env.name" -}}
+{{- "MINIO_SECRET_KEY" }}
+{{- end }}
+
+{{/*
+Environment Entries parametrization for object store configuration with plaintext
+value or through Secrets.
+*/}}
+
+{{- define "kubeflow.pipelines.profileController.config.objectStore.host.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+ list
+ (include "kubeflow.pipelines.profileController.config.objectStore.host.env.name" . )
+ .Values.pipelines.config.objectStore.existingSecretName
+ .Values.pipelines.config.objectStore.host
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.config.objectStore.accessKey.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+ list
+ (include "kubeflow.pipelines.profileController.config.objectStore.accessKey.env.name" . )
+ .Values.pipelines.config.objectStore.existingSecretName
+ .Values.pipelines.config.objectStore.accessKey
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.config.objectStore.secretAccessKey.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+ list
+ (include "kubeflow.pipelines.profileController.config.objectStore.secretAccessKey.env.name" . )
+ .Values.pipelines.config.objectStore.existingSecretName
+ .Values.pipelines.config.objectStore.secretAccessKey
+) }}
+{{- end }}
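Review bot: The profile controller's `MINIO_ACCESS_KEY`/`MINIO_SECRET_KEY` helpers read the same `.Values.pipelines.config.objectStore.accessKey` and `.secretAccessKey` (and the same `existingSecretName`) as the API server helpers in kubeflow.pipelines.mlPipeline.config.tpl, so both components always run with one shared object-store identity. If that is intended, a comment above the `env.spec` block should say so, e.g. `Uses the same object store credentials as the ml-pipeline API server; there is no separate key for the profile controller.` Otherwise a dedicated values key that falls back to the shared one would allow a narrower credential for this component.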
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.tpl
new file mode 100644
index 00000000..952cace6
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.tpl
@@ -0,0 +1,227 @@ +{{/* +Kubeflow Pipelines Profile Controller object names. +*/}} +{{- define "kubeflow.pipelines.profileController.baseName" -}} +{{- printf "ml-pipeline-profile-controller" }} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.pipelines.profileController.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.pipelines.profileController.name" .) + .Values.pipelines.profileController.serviceAccount) +}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.serviceAccountPrincipal" -}} +{{- include "kubeflow.component.serviceAccountPrincipal" ( + list + . + (include "kubeflow.pipelines.profileController.serviceAccountName" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.roleName" -}} +{{- include "kubeflow.pipelines.profileController.name" . }} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.roleBindingName" -}} +{{- include "kubeflow.pipelines.profileController.roleName" . }} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.configMapName" -}} +{{- printf "%s-%s" + (include "kubeflow.pipelines.profileController.name" .) + "sync" +}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline Service. +*/}} +{{- define "kubeflow.pipelines.profileController.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.pipelines.profileController.name" . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.pipelines.profileController.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . 
+ (include "kubeflow.pipelines.profileController.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.pipelines.profileController.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline object labels. +*/}} +{{- define "kubeflow.pipelines.profileController.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.profileController.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.profileController.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline container image settings. +*/}} +{{- define "kubeflow.pipelines.profileController.image" -}} +{{- include "kubeflow.pipelines.image" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.profileController.image +)}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.imagePullPolicy" -}} +{{- include "kubeflow.pipelines.imagePullPolicy" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.profileController.image +)}} +{{- end }} + + +{{/* +Kubeflow Pipelines ML Pipeline Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.pipelines.profileController.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.profileController.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.profileController.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.profileController.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.profileController.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.profileController.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.pipelines.profileController.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline Security Context. +*/}} +{{- define "kubeflow.pipelines.profileController.containerSecurityContext" -}} +{{- include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.pipelines.profileController.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline Scheduling. 
+*/}} +{{- define "kubeflow.pipelines.profileController.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.pipelines.profileController.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.pipelines.profileController.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.pipelines.profileController.tolerations +)}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.pipelines.profileController.affinity +)}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline enable and create toggles. +*/}} +{{- define "kubeflow.pipelines.profileController.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.enabled" . | eq "true") + .Values.pipelines.profileController.enabled +)}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.profileController.enabled" . | eq "true") + .Values.pipelines.profileController.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.createServiceAccount" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.profileController.enabled" . | eq "true") + .Values.pipelines.profileController.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.pipelines.profileController.createIstioIntegrationObjects" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.profileController.enabled" . | eq "true" ) + .Values.istioIntegration.enabled +)}} +{{- end }} 
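Review bot: Most section comments in this file still say "ML Pipeline" (`Kubeflow Pipelines ML Pipeline Service.`, and the ones for object labels, container image settings, Autoscaling and Availability, Security Context, Scheduling, and enable and create toggles), although every helper under them is a `kubeflow.pipelines.profileController.*` definition; only the first comment names the Profile Controller. They look copied from kubeflow.pipelines.mlPipeline.tpl and should read `Kubeflow Pipelines Profile Controller Service.` and so on. That matters most for the toggles section, which gates RBAC and Istio objects, because a reader searching by component name would otherwise land in the wrong file.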
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.scheduledWorkflow.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.scheduledWorkflow.tpl
new file mode 100644
index 00000000..7fcad61e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.scheduledWorkflow.tpl
@@ -0,0 +1,209 @@ +{{/* +Kubeflow Pipelines Scheduled Workflow object names. +*/}} +{{- define "kubeflow.pipelines.scheduledWorkflow.baseName" -}} +{{- printf "ml-pipeline-scheduledworkflow" }} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.pipelines.scheduledWorkflow.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.pipelines.scheduledWorkflow.name" .) + .Values.pipelines.scheduledWorkflow.serviceAccount) +}} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.serviceAccountPrincipal" -}} +{{- include "kubeflow.component.serviceAccountPrincipal" ( + list + . + (include "kubeflow.pipelines.scheduledWorkflow.serviceAccountName" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.roleName" -}} +{{- include "kubeflow.pipelines.scheduledWorkflow.name" . }} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.roleBindingName" -}} +{{- include "kubeflow.pipelines.scheduledWorkflow.roleName" . }} +{{- end }} + +{{/* +Kubeflow Pipelines Scheduled Workflow Service. +*/}} +{{- define "kubeflow.pipelines.scheduledWorkflow.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.pipelines.scheduledWorkflow.name" . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.pipelines.scheduledWorkflow.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.pipelines.scheduledWorkflow.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . 
+ (include "kubeflow.pipelines.scheduledWorkflow.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Scheduled Workflow object labels. +*/}} +{{- define "kubeflow.pipelines.scheduledWorkflow.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.scheduledWorkflow.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.scheduledWorkflow.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines Scheduled Workflow container image settings. +*/}} +{{- define "kubeflow.pipelines.scheduledWorkflow.image" -}} +{{- include "kubeflow.pipelines.image" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.scheduledWorkflow.image +)}} + +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.imagePullPolicy" -}} +{{- include "kubeflow.pipelines.imagePullPolicy" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.scheduledWorkflow.image +)}} +{{- end }} + + +{{/* +Kubeflow Pipelines Scheduled Workflow Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.pipelines.scheduledWorkflow.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.scheduledWorkflow.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.scheduledWorkflow.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.scheduledWorkflow.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.scheduledWorkflow.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.scheduledWorkflow.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.pipelines.scheduledWorkflow.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Scheduled Workflow Security Context. +*/}} +{{- define "kubeflow.pipelines.scheduledWorkflow.containerSecurityContext" -}} +{{- include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.pipelines.scheduledWorkflow.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Scheduled Workflow Scheduling. 
+*/}} +{{- define "kubeflow.pipelines.scheduledWorkflow.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.pipelines.scheduledWorkflow.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.pipelines.scheduledWorkflow.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.pipelines.scheduledWorkflow.tolerations +)}} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.pipelines.scheduledWorkflow.affinity +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Scheduled Workflow enable and create toggles. +*/}} +{{- define "kubeflow.pipelines.scheduledWorkflow.enabled" -}} +{{- and + (include "kubeflow.pipelines.enabled" . | eq "true") + .Values.pipelines.scheduledWorkflow.enabled +}} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.rbac.createRoles" -}} +{{- and + (include "kubeflow.pipelines.scheduledWorkflow.enabled" . | eq "true") + .Values.pipelines.scheduledWorkflow.rbac.create }} +{{- end }} + +{{- define "kubeflow.pipelines.scheduledWorkflow.createServiceAccount" -}} +{{- and + (include "kubeflow.pipelines.scheduledWorkflow.enabled" . | eq "true") + .Values.pipelines.scheduledWorkflow.serviceAccount.create +}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.tpl new file mode 100644 index 00000000..b3218d9a --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.tpl 
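Review bot: `kubeflow.pipelines.scheduledWorkflow.enabled`, `.rbac.createRoles` and `.createServiceAccount` at the end of kubeflow.pipelines.scheduledWorkflow.tpl render the raw result of `and`, so a disabled toggle comes out as the non-empty string `false`, whereas the sibling helpers in kubeflow.pipelines.ui.tpl and kubeflow.pipelines.visualization.tpl wrap the same expression in `ternary true ""`. The templates that consume these helpers are not in this hunk, but any caller written as `{{- if include "kubeflow.pipelines.scheduledWorkflow.rbac.createRoles" . }}` would treat `false` as truthy and still create the Role, RoleBinding or ServiceAccount that the value was meant to switch off. Wrapping each body the same way, e.g. `{{- ternary true "" (and (include "kubeflow.pipelines.enabled" . | eq "true") .Values.pipelines.scheduledWorkflow.enabled) }}`, makes both call styles safe. The three toggles at the end of kubeflow.pipelines.viewerCrd.tpl have the same shape.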
@@ -0,0 +1,150 @@ +{{/* +Kubeflow Pipelines object names. +*/}} +{{- define "kubeflow.pipelines.baseName" -}} +{{- printf "pipelines" }} +{{- end }} + +{{- define "kubeflow.pipelines.baseRbacName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.pipelines.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.pipelines.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.rbac.cacheDeployer.serviceAccountName" -}} +{{- $saName := printf "%s-%s" (include "kubeflow.pipelines.baseRbacName" .) "cache-deployer" -}} +{{- include "kubeflow.component.serviceAccountName" (list $saName .Values.pipelines.serviceAccount) }} +{{- end }} + +{{- define "kubeflow.pipelines.rbac.cacheDeployer.clusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.pipelines.baseRbacName" .) "cache-deployer" }} +{{- end }} + +{{- define "kubeflow.pipelines.rbac.cacheDeployer.clusterRoleBindingName" -}} +{{- include "kubeflow.pipelines.rbac.cacheDeployer.clusterRoleName" . }} +{{- end }} + +{{/* +Kubeflow Pipelines object labels. +*/}} +{{- define "kubeflow.pipelines.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines container image settings. +*/}} + +{{- define "kubeflow.pipelines.image" -}} +{{- $default := index . 0 -}} +{{- $pipelinesDefault := index . 1 -}} +{{- $component := index . 
2 -}} +{{- $registry := default $default.registry (default $pipelinesDefault.registry $component.registryOverwrite) -}} +{{- $repository := $component.repository -}} +{{- $tag := default $pipelinesDefault.tag $component.tagOverwrite -}} +{{- printf "%s/%s:%s" $registry $repository $tag }} +{{- end }} + +{{- define "kubeflow.pipelines.imagePullPolicy" -}} +{{- $default := index . 0 -}} +{{- $pipelinesDefault := index . 1 -}} +{{- $component := index . 2 -}} +{{- $imagePullPolicy := default $default.pullPolicy (default $pipelinesDefault.pullPolicy $component.pullPolicyOverwrite) -}} +{{- $imagePullPolicy }} +{{- end }} + +{{/* +Kubeflow Pipelines Autoscaling and Availability. +*/}} +{{- define "kubeflow.pipelines.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.pipelines.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Pipelines 
Security Context. +*/}} +{{- define "kubeflow.pipelines.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.pipelines.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Scheduling. +*/}} +{{- define "kubeflow.pipelines.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.pipelines.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.pipelines.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.pipelines.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.pipelines.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.pipelines.tolerations +)}} +{{- end }} + +{{- define "kubeflow.pipelines.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.pipelines.affinity +)}} +{{- end }} + +{{/* +Kubeflow Pipelines enable and create toggles. +*/}} +{{- define "kubeflow.pipelines.enabled" -}} +{{- ternary true "" .Values.pipelines.enabled }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.config.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.config.tpl new file mode 100644 index 00000000..cb4c8c35 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.config.tpl 
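Review bot: `kubeflow.pipelines.image` in kubeflow.pipelines.tpl formats `$registry`, `$component.repository` and `$tag` with `printf "%s/%s:%s"` without checking that any of them is set, so a missing key in the values renders a malformed reference (printf emits `%!s(<nil>)` for a nil argument) and only fails later, at image pull time. Failing at render time is easier to diagnose and keeps an unintended image name out of the manifest: `{{- $repository := required "pipelines image repository must be set" $component.repository -}}`, with the same guard on `$tag`. The helper also resolves to a tag only; if deployments are expected to pin images by digest, that would need an additional field, which this hunk does not define.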
@@ -0,0 +1,51 @@
+{{/*
+Kubeflow Pipelines UI config.
+*/}}
+
+{{/*
+Environment names for object store config.
+*/}}
+
+{{- define "kubeflow.pipelines.ui.config.objectStore.host.env.name" -}}
+{{- "MINIO_HOST" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.config.objectStore.accessKey.env.name" -}}
+{{- "MINIO_ACCESS_KEY" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.config.objectStore.secretAccessKey.env.name" -}}
+{{- "MINIO_SECRET_KEY" }}
+{{- end }}
+
+{{/*
+Environment Entries parametrization for object store configuration with plaintext
+value or through Secrets.
+*/}}
+
+{{- define "kubeflow.pipelines.ui.config.objectStore.host.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+ list
+ (include "kubeflow.pipelines.ui.config.objectStore.host.env.name" . )
+ .Values.pipelines.config.objectStore.existingSecretName
+ .Values.pipelines.config.objectStore.host
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.config.objectStore.accessKey.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+ list
+ (include "kubeflow.pipelines.ui.config.objectStore.accessKey.env.name" . )
+ .Values.pipelines.config.objectStore.existingSecretName
+ .Values.pipelines.config.objectStore.accessKey
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.config.objectStore.secretAccessKey.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+ list
+ (include "kubeflow.pipelines.ui.config.objectStore.secretAccessKey.env.name" . )
+ .Values.pipelines.config.objectStore.existingSecretName
+ .Values.pipelines.config.objectStore.secretAccessKey
+) }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.tpl
new file mode 100644
index 00000000..3dda1b1e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.tpl
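Review bot: `kubeflow.pipelines.ui.config.objectStore.secretAccessKey.env.spec` in kubeflow.pipelines.ui.config.tpl passes `.Values.pipelines.config.objectStore.secretAccessKey` as the plaintext alternative to `existingSecretName`, and the section comment presents both paths as equivalent. `kubeflow.component.env.spec` is defined outside this hunk, but if it emits a literal `value:` when no secret name is given, the MinIO secret key ends up in the Deployment spec and in the stored Helm release, readable by anyone allowed to get Deployments in the namespace. The comment should state the preference, for example `Prefer existingSecretName; a plaintext accessKey or secretAccessKey is rendered into the pod spec.`, and the same applies to the accessKey helper above it.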
@@ -0,0 +1,233 @@ +{{/* +Kubeflow Pipelines UI (aka ml-pipeline-ui) object names. +*/}} +{{- define "kubeflow.pipelines.ui.baseName" -}} +{{- printf "ml-pipeline-ui" }} +{{- end }} + +{{- define "kubeflow.pipelines.ui.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.pipelines.ui.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.ui.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.pipelines.ui.name" .) + .Values.pipelines.ui.serviceAccount) +}} +{{- end }} + +{{- define "kubeflow.pipelines.ui.serviceAccountPrincipal" -}} +{{- include "kubeflow.component.serviceAccountPrincipal" ( + list + . + (include "kubeflow.pipelines.ui.serviceAccountName" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.ui.configMapName" -}} +{{- include "kubeflow.pipelines.ui.name" . }} +{{- end }} + +{{- define "kubeflow.pipelines.ui.roleName" -}} +{{- include "kubeflow.pipelines.ui.name" . }} +{{- end }} + +{{- define "kubeflow.pipelines.ui.roleBindingName" -}} +{{- include "kubeflow.pipelines.ui.roleName" . }} +{{- end }} + +{{- define "kubeflow.pipelines.ui.authorizationPolicyExtAuthName" -}} +{{ include "kubeflow.component.authorizationPolicyExtAuthName" ( + list + (include "kubeflow.pipelines.ui.name" .) + .Values.istioIntegration +)}} +{{- end }} + +{{/* +Kubeflow Pipelines UI Service. +*/}} +{{- define "kubeflow.pipelines.ui.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.pipelines.ui.name" . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.ui.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.pipelines.ui.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.ui.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.pipelines.ui.name" .) 
+)}} +{{- end }} + +{{- define "kubeflow.pipelines.ui.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.pipelines.ui.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Pipelines UI object labels. +*/}} +{{- define "kubeflow.pipelines.ui.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.ui.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.ui.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.ui.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines UI container image settings. +*/}} +{{- define "kubeflow.pipelines.ui.image" -}} +{{- include "kubeflow.pipelines.image" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.ui.image +)}} + +{{- end }} + +{{- define "kubeflow.pipelines.ui.imagePullPolicy" -}} +{{- include "kubeflow.pipelines.imagePullPolicy" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.ui.image +)}} +{{- end }} + + +{{/* +Kubeflow Pipelines UI Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.pipelines.ui.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.ui.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.ui.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.ui.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.ui.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.ui.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.ui.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.ui.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.ui.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.ui.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.ui.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.pipelines.ui.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Pipelines UI Security Context. +*/}} +{{- define "kubeflow.pipelines.ui.containerSecurityContext" -}} +{{- include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.pipelines.ui.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Pipelines UI Scheduling. 
+*/}} +{{- define "kubeflow.pipelines.ui.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.pipelines.ui.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.pipelines.ui.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.pipelines.ui.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.pipelines.ui.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.pipelines.ui.tolerations +)}} +{{- end }} + +{{- define "kubeflow.pipelines.ui.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.pipelines.ui.affinity +)}} +{{- end }} + +{{/* +Kubeflow Pipelines UI enable and create toggles. +*/}} +{{- define "kubeflow.pipelines.ui.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.enabled" . | eq "true") + .Values.pipelines.ui.enabled +)}} +{{- end }} + +{{- define "kubeflow.pipelines.ui.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.ui.enabled" . | eq "true") + .Values.pipelines.ui.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.pipelines.ui.createServiceAccount" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.ui.enabled" . | eq "true") + .Values.pipelines.ui.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.pipelines.ui.createIstioIntegrationObjects" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.ui.enabled" . | eq "true" ) + .Values.istioIntegration.enabled +)}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.viewerCrd.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.viewerCrd.tpl new file mode 100644 index 00000000..59fb4d63 --- /dev/null 
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.viewerCrd.tpl 
@@ -0,0 +1,209 @@ +{{/* +Kubeflow Pipelines ML Pipeline object names. +*/}} +{{- define "kubeflow.pipelines.viewerCrd.baseName" -}} +{{- printf "ml-pipeline-viewer-crd" }} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.pipelines.viewerCrd.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.pipelines.viewerCrd.name" .) + .Values.pipelines.viewerCrd.serviceAccount) +}} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.serviceAccountPrincipal" -}} +{{- include "kubeflow.component.serviceAccountPrincipal" ( + list + . + (include "kubeflow.pipelines.viewerCrd.serviceAccountName" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.roleName" -}} +{{- include "kubeflow.pipelines.viewerCrd.name" . }} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.roleBindingName" -}} +{{- include "kubeflow.pipelines.viewerCrd.roleName" . }} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline Service. +*/}} +{{- define "kubeflow.pipelines.viewerCrd.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.pipelines.viewerCrd.name" . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.pipelines.viewerCrd.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.pipelines.viewerCrd.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.pipelines.viewerCrd.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline object labels. 
+*/}} +{{- define "kubeflow.pipelines.viewerCrd.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.viewerCrd.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.viewerCrd.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline container image settings. +*/}} +{{- define "kubeflow.pipelines.viewerCrd.image" -}} +{{- include "kubeflow.pipelines.image" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.viewerCrd.image +)}} + +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.imagePullPolicy" -}} +{{- include "kubeflow.pipelines.imagePullPolicy" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.viewerCrd.image +)}} +{{- end }} + + +{{/* +Kubeflow Pipelines ML Pipeline Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.pipelines.viewerCrd.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.viewerCrd.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.viewerCrd.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.viewerCrd.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.viewerCrd.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.viewerCrd.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.pipelines.viewerCrd.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline Security Context. +*/}} +{{- define "kubeflow.pipelines.viewerCrd.containerSecurityContext" -}} +{{- include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.pipelines.viewerCrd.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline Scheduling. 
+*/}} +{{- define "kubeflow.pipelines.viewerCrd.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.pipelines.viewerCrd.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.pipelines.viewerCrd.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.pipelines.viewerCrd.tolerations +)}} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.pipelines.viewerCrd.affinity +)}} +{{- end }} + +{{/* +Kubeflow Pipelines ML Pipeline enable and create toggles. +*/}} +{{- define "kubeflow.pipelines.viewerCrd.enabled" -}} +{{- and + (include "kubeflow.pipelines.enabled" . | eq "true") + .Values.pipelines.viewerCrd.enabled +}} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.rbac.createRoles" -}} +{{- and + (include "kubeflow.pipelines.viewerCrd.enabled" . | eq "true") + .Values.pipelines.viewerCrd.rbac.create }} +{{- end }} + +{{- define "kubeflow.pipelines.viewerCrd.createServiceAccount" -}} +{{- and + (include "kubeflow.pipelines.viewerCrd.enabled" . | eq "true") + .Values.pipelines.viewerCrd.serviceAccount.create +}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.visualization.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.visualization.tpl new file mode 100644 index 00000000..e40b4663 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.visualization.tpl 
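Review bot: The section comments throughout kubeflow.pipelines.viewerCrd.tpl still read `Kubeflow Pipelines ML Pipeline ...` (object names, Service, object labels, container image settings, Autoscaling and Availability, Security Context, Scheduling, enable and create toggles) although every define below them is `kubeflow.pipelines.viewerCrd.*`, which looks like a leftover from the file this one was copied from. Renaming them to match, e.g. `Kubeflow Pipelines Viewer CRD object names.`, keeps a reader from looking in the wrong component when tracing which ServiceAccount or Role a rendered name belongs to.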
@@ -0,0 +1,213 @@ +{{/* +Kubeflow Pipelines Visualization object names. +*/}} +{{- define "kubeflow.pipelines.visualization.baseName" -}} +{{- printf "ml-pipeline-visualizationserver" }} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.pipelines.visualization.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.pipelines.visualization.name" .) + .Values.pipelines.visualization.serviceAccount) +}} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.roleName" -}} +{{- include "kubeflow.pipelines.visualization.name" . }} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.roleBindingName" -}} +{{- include "kubeflow.pipelines.visualization.roleName" . }} +{{- end }} + +{{/* +Kubeflow Pipelines Visualization Service. +*/}} +{{- define "kubeflow.pipelines.visualization.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.pipelines.visualization.name" . +)}} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.pipelines.visualization.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.pipelines.visualization.name" .) +)}} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.pipelines.visualization.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Visualization object labels. +*/}} +{{- define "kubeflow.pipelines.visualization.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) 
}} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.visualization.name" .) }} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.visualization.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines Visualization container image settings. +*/}} +{{- define "kubeflow.pipelines.visualization.image" -}} +{{- include "kubeflow.pipelines.image" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.visualization.image +)}} + +{{- end }} + +{{- define "kubeflow.pipelines.visualization.imagePullPolicy" -}} +{{- include "kubeflow.pipelines.imagePullPolicy" ( + list + .Values.defaults.image + .Values.pipelines.defaults.image + .Values.pipelines.visualization.image +)}} +{{- end }} + + +{{/* +Kubeflow Pipelines Visualization Autoscaling and Availability. 
+*/}} +{{- define "kubeflow.pipelines.visualization.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.visualization.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.visualization.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.visualization.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.visualization.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.visualization.autoscaling) }} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.pipelines.visualization.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Visualization Security Context. +*/}} +{{- define "kubeflow.pipelines.visualization.containerSecurityContext" -}} +{{- include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.pipelines.visualization.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Visualization Scheduling. 
+*/}} +{{- define "kubeflow.pipelines.visualization.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.pipelines.visualization.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.pipelines.visualization.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.pipelines.visualization.tolerations +)}} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.pipelines.visualization.affinity +)}} +{{- end }} + +{{/* +Kubeflow Pipelines Visualization enable and create toggles. +*/}} +{{- define "kubeflow.pipelines.visualization.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.enabled" . | eq "true") + .Values.pipelines.visualization.enabled +)}} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.visualization.enabled" . | eq "true") + .Values.pipelines.visualization.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.createServiceAccount" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.visualization.enabled" . | eq "true") + .Values.pipelines.visualization.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.pipelines.visualization.createIstioIntegrationObjects" -}} +{{- ternary true "" ( + and + (include "kubeflow.pipelines.visualization.enabled" . | eq "true" ) + .Values.istioIntegration.enabled +)}} +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.profilesController.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.profilesController.tpl
new file mode 100644
index 00000000..1e317202
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.profilesController.tpl
@@ -0,0 +1,205 @@ +{{/* +Kubeflow Profiles Controller object names. +TODO: define profilesController.manager, standardize kubeflow.component.name template (and maybe others) to include ctx either as always first or always last. +*/}} +{{- define "kubeflow.profilesController.baseName" -}} +{{- printf "profiles-controller" }} +{{- end }} + +{{- define "kubeflow.profilesController.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.profilesController.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.profilesController.kfam.name" -}} +{{- printf "%s-%s" + (include "kubeflow.profilesController.name" .) + "kfam" +}} +{{- end }} + + +{{- define "kubeflow.profilesController.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.profilesController.name" .) + .Values.profilesController.serviceAccount +)}} +{{- end }} + +{{/* +'cluster-admin' role should not be used... +This is the default in kubeflow/manifests and kubeflow/kubeflow. +TODO: use proper cluster role dedicated to profiles-controller. +*/}} +{{- define "kubeflow.profilesController.mainClusterRoleName" -}} +{{- printf "cluster-admin" -}} +{{- end }} + + +{{- define "kubeflow.profilesController.mainClusterRoleBindingName" -}} +{{- printf "%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.profilesController.name" .) +}} +{{- end }} + +{{- define "kubeflow.profilesController.leaderElectionRoleName" -}} +{{- printf "%s-%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.profilesController.name" .) + "leader-election" +}} +{{- end }} + +{{- define "kubeflow.profilesController.leaderElectionRoleBindingName" -}} +{{- include "kubeflow.profilesController.leaderElectionRoleName" . }} +{{- end }} + +{{- define "kubeflow.profilesController.namespaceLabelsConfigMapName" -}} +{{- printf "%s-%s" + (include "kubeflow.profilesController.name" .) 
+ "namespace-labels" +}} +{{- end }} + +# --- +{{/* +Kubeflow Profiles Controller Service. +*/}} +{{- define "kubeflow.profilesController.kfam.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.profilesController.kfam.name" . +)}} +{{- end }} + +{{- define "kubeflow.profilesController.kfam.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.profilesController.kfam.name" .) +)}} +{{- end }} + +{{- define "kubeflow.profilesController.kfam.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.profilesController.kfam.name" .) +)}} +{{- end }} + +{{- define "kubeflow.profilesController.kfam.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.profilesController.kfam.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Profiles Controller object labels. +*/}} +{{- define "kubeflow.profilesController.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.profilesController.name" .) }} +{{- end }} + +{{- define "kubeflow.profilesController.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.profilesController.name" .) }} +{{- end }} + +{{/* +Kubeflow Profiles Controller container image settings. 
+*/}} +{{- define "kubeflow.profilesController.manager.image" -}} +{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.profilesController.manager.image) }} +{{- end }} + +{{- define "kubeflow.profilesController.kfam.image" -}} +{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.profilesController.kfam.image) }} +{{- end }} + +{{- define "kubeflow.profilesController.manager.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.profilesController.manager.image) }} +{{- end }} + +{{- define "kubeflow.profilesController.kfam.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.profilesController.kfam.image) }} +{{- end }} + +{{/* +Kubeflow Profiles Controller Autoscaling and Availability. +*/}} +{{- define "kubeflow.profilesController.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" ( + list + .Values.defaults.autoscaling + .Values.profilesController.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.profilesController.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.profilesController.autoscaling) }} +{{- end }} + +{{- define "kubeflow.profilesController.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.profilesController.autoscaling) }} +{{- end }} + +{{- define "kubeflow.profilesController.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.profilesController.autoscaling) }} +{{- end }} + +{{- define "kubeflow.profilesController.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling 
.Values.profilesController.autoscaling) }} +{{- end }} + +{{- define "kubeflow.profilesController.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.profilesController.podDisruptionBudget +)}} +{{- end }} + +{{/* +Kubeflow Profiles Controller enable and create toggles. +*/}} +{{- define "kubeflow.profilesController.enabled" -}} +{{- .Values.profilesController.enabled }} +{{- end }} + +{{- define "kubeflow.profilesController.createIstioIntegrationObjects" -}} +{{- ternary true "" ( + and + (include "kubeflow.profilesController.enabled" . | eq "true" ) + .Values.istioIntegration.enabled +)}} +{{- end }} + +{{- define "kubeflow.profilesController.rbac.createRoles" -}} +{{- and + (include "kubeflow.profilesController.enabled" . | eq "true") + .Values.profilesController.rbac.create }} +{{- end }} + +{{- define "kubeflow.profilesController.createServiceAccount" -}} +{{- and + (include "kubeflow.profilesController.enabled" . | eq "true") + .Values.profilesController.serviceAccount.create +}} +{{- end }} + +{{- define "kubeflow.profilesController.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.profilesController.enabled" .) + .Values.defaults.podDisruptionBudget + .Values.profilesController.podDisruptionBudget +)}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.controller.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.controller.tpl new file mode 100644 index 00000000..d85efb99 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.controller.tpl 
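Review bot: `kubeflow.profilesController.rbac.createRoles` and `kubeflow.profilesController.createServiceAccount` render a bare `and`, so they emit the string `false` when the toggle is off, whereas `createIstioIntegrationObjects` in this same file and the sibling component helpers use `ternary true ""` and emit an empty string. If the templates that consume these helpers (outside this hunk) test them with a plain `if include …`, the non-empty `false` is truthy and `rbac.create: false` would not suppress the RBAC objects. Using the same form as the siblings closes that gap, e.g. `{{- ternary true "" (and (include "kubeflow.profilesController.enabled" . | eq "true") .Values.profilesController.rbac.create) }}`, and likewise for `serviceAccount.create`. This matters more than usual here because `mainClusterRoleName` resolves to `cluster-admin` and the file's own TODO about a dedicated ClusterRole is still open, so an unintended binding grants the profiles-controller service account full control of the cluster.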
@@ -0,0 +1,314 @@
+{{/*
+Kubeflow Tensorboard Controller object names.
+*/}}
+{{- define "kubeflow.tensorboard.controller.baseName" -}}
+{{- printf "tensorboard-controller" }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.name" -}}
+{{- include "kubeflow.component.name" (
+ list
+ (include "kubeflow.tensorboard.controller.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.manager.name" -}}
+{{- printf "%s-%s"
+ (include "kubeflow.tensorboard.controller.name" .)
+ "manager"
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.kubeRbacProxy.name" -}}
+{{- printf "%s-%s"
+ (include "kubeflow.tensorboard.controller.name" .)
+ "kube-rbac-proxy"
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName" (
+ list
+ (include "kubeflow.tensorboard.controller.name" .)
+ .Values.tensorboard.controller.serviceAccount
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.mainClusterRoleName" -}}
+{{- printf "%s-%s"
+ (include "kubeflow.fullname" .)
+ (include "kubeflow.tensorboard.controller.name" .)
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.tensorboard.controller.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.leaderElectionRoleName" -}}
+{{- printf "%s-%s-%s"
+ (include "kubeflow.fullname" .)
+ (include "kubeflow.tensorboard.controller.name" .)
+ "leader-election"
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.leaderElectionRoleBindingName" -}}
+{{- include "kubeflow.tensorboard.controller.leaderElectionRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.metricsReaderClusterRoleName" -}}
+{{- printf "%s-%s-%s"
+ (include "kubeflow.fullname" .)
+ (include "kubeflow.tensorboard.controller.name" .)
+ "metrics-reader"
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.metricsReaderClusterRoleBindingName" -}}
+{{- include "kubeflow.tensorboard.controller.metricsReaderClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.proxyClusterRoleName" -}}
+{{- printf "%s-%s-%s"
+ (include "kubeflow.fullname" .)
+ (include "kubeflow.tensorboard.controller.name" .)
+ "proxy"
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.proxyClusterRoleBindingName" -}}
+{{- include "kubeflow.tensorboard.controller.proxyClusterRoleName" . }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller Manager Metrics Service.
+*/}}
+
+{{- define "kubeflow.tensorboard.controller.metricsService.svc.name" -}}
+{{- printf "%s-%s"
+ ( include "kubeflow.component.svc.name" (
+ include "kubeflow.tensorboard.controller.name" .
+ ))
+ "controller-manager-metrics-service"
+}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller object labels.
+*/}}
+{{- define "kubeflow.tensorboard.controller.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.tensorboard.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.tensorboard.controller.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.tensorboard.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.tensorboard.controller.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller Manager container image settings.
+*/}}
+{{- define "kubeflow.tensorboard.controller.manager.image" -}}
+{{ include "kubeflow.component.image" (
+ list
+ .Values.defaults.image
+ .Values.tensorboard.controller.manager.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.manager.tensorboardImage" -}}
+{{ include "kubeflow.component.image" (
+ list
+ .Values.defaults.image
+ .Values.tensorboard.controller.manager.config.tensorboard.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.manager.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+ list
+ .Values.defaults.image
+ .Values.tensorboard.controller.manager.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller Kube RBAC Proxy container image settings.
+*/}}
+{{- define "kubeflow.tensorboard.controller.kubeRbacProxy.image" -}}
+{{ include "kubeflow.component.image" (
+ list
+ .Values.defaults.image
+ .Values.tensorboard.controller.kubeRbacProxy.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.kubeRbacProxy.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+ list
+ .Values.defaults.image
+ .Values.tensorboard.controller.kubeRbacProxy.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.tensorboard.controller.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (
+ list
+ .Values.defaults.autoscaling
+ .Values.tensorboard.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (
+ list
+ .Values.defaults.autoscaling
+ .Values.tensorboard.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (
+ list
+ .Values.defaults.autoscaling
+ .Values.tensorboard.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (
+ list
+ .Values.defaults.autoscaling
+ .Values.tensorboard.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+ list
+ .Values.defaults.podDisruptionBudget
+ .Values.tensorboard.controller.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller Security Context.
+*/}} +{{- define "kubeflow.tensorboard.controller.manager.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.tensorboard.controller.manager.containerSecurityContext +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.controller.kubeRbacProxy.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.tensorboard.controller.kubeRbacProxy.containerSecurityContext +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.controller.securityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.tensorboard.controller.securityContext +)}} +{{- end }} + +{{/* +Kubeflow Tensorboard Controller Scheduling. +*/}} +{{- define "kubeflow.tensorboard.controller.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.tensorboard.controller.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.controller.nodeSelector" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.nodeSelector + .Values.tensorboard.controller.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.controller.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.tensorboard.controller.tolerations +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.controller.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.tensorboard.controller.affinity +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.controller.terminationGracePeriodSeconds" -}} +{{ include "kubeflow.component.terminationGracePeriodSeconds" ( + list + .Values.defaults.terminationGracePeriodSeconds + 
.Values.tensorboard.controller.terminationGracePeriodSeconds +)}} +{{- end }} + +{{/* +Kubeflow Tensorboard Controller enable and create toggles. +*/}} +{{- define "kubeflow.tensorboard.controller.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.tensorboard.enabled" . | eq "true") + .Values.tensorboard.controller.enabled +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.controller.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" ( + list + .Values.defaults.autoscaling + .Values.tensorboard.controller.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.controller.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.tensorboard.controller.enabled" . | eq "true") + .Values.tensorboard.controller.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.controller.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.tensorboard.controller.enabled" . | eq "true") + .Values.tensorboard.controller.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.controller.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.tensorboard.controller.enabled" .) + .Values.defaults.podDisruptionBudget + .Values.tensorboard.controller.podDisruptionBudget +)}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tensorboardsWebApp.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tensorboardsWebApp.tpl new file mode 100644 index 00000000..482aef7d --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tensorboardsWebApp.tpl 
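Review bot: `kubeflow.tensorboard.controller.nodeSelector` includes `kubeflow.component.tolerations` instead of `kubeflow.component.nodeSelector`, so the controller's node selector values are passed through the tolerations helper; the other nodeSelector helpers in this commit (`kubeflow.tensorboard.nodeSelector`, `kubeflow.tensorboard.tensorboardsWebApp.nodeSelector`) call `kubeflow.component.nodeSelector`. The include line should read `{{ include "kubeflow.component.nodeSelector" (`; what the current form renders depends on how the tolerations helper merges its inputs, which is not visible here. Separately, `kubeflow.tensorboard.controller.securityContext` merges `.Values.defaults.containerSecurityContext` through `kubeflow.component.containerSecurityContext`. If its consumer (outside this hunk) renders it as the pod-level `securityContext`, container-only fields such as `allowPrivilegeEscalation` or `capabilities` inherited from the defaults would land where the pod spec does not accept them, so it is worth confirming which level it is meant for and adding a comment saying so.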
@@ -0,0 +1,220 @@ +{{/* +Kubeflow Tensorboard Tensorboards Web App object names. +*/}} +{{- define "kubeflow.tensorboard.tensorboardsWebApp.baseName" -}} +{{- printf "tensorboards-web-app" }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.tensorboard.tensorboardsWebApp.baseName" .) + . +)}} +{{- end }} + +{{/* +Kubeflow Tensorboard Tensorboards Web App object labels. +*/}} +{{- define "kubeflow.tensorboard.tensorboardsWebApp.labels" -}} +{{ include "kubeflow.common.labels" . }} +{{ include "kubeflow.component.labels" (include "kubeflow.tensorboard.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.tensorboard.tensorboardsWebApp.name" .) }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.tensorboard.name" .) }} +{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.tensorboard.tensorboardsWebApp.name" .) 
}} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.image" -}} +{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.tensorboard.tensorboardsWebApp.image) }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.tensorboard.tensorboardsWebApp.image) }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.tensorboard.tensorboardsWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.tensorboard.tensorboardsWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.tensorboard.tensorboardsWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.tensorboard.tensorboardsWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.tensorboard.tensorboardsWebApp.autoscaling) }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.mainClusterRoleName" -}} +{{- printf "%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.tensorboard.tensorboardsWebApp.name" .) 
+}} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.mainClusterRoleBindingName" -}} +{{- include "kubeflow.tensorboard.tensorboardsWebApp.mainClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.kfTenUiAdminClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "tensorboards-ui-admin" }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.kfTenUiEditClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "tensorboards-ui-edit" }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.kfTenUiViewClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "tensorboards-ui-view" }} +{{- end }} + +{{/* +Kubeflow Tensorboard Tensorboards Web App enable and create toggles. +*/}} +{{- define "kubeflow.tensorboard.tensorboardsWebApp.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflow.tensorboard.enabled" . | eq "true") + .Values.tensorboard.tensorboardsWebApp.enabled +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.createIstioIntegrationObjects" -}} +{{- ternary true "" ( + and + .Values.istioIntegration.enabled + (include "kubeflow.tensorboard.tensorboardsWebApp.enabled" . | eq "true" ) +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.tensorboard.tensorboardsWebApp.enabled" . | eq "true") + .Values.tensorboard.tensorboardsWebApp.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.tensorboard.tensorboardsWebApp.enabled" . | eq "true") + .Values.tensorboard.tensorboardsWebApp.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" (list (include "kubeflow.tensorboard.tensorboardsWebApp.name" .) 
.Values.tensorboard.tensorboardsWebApp.serviceAccount) }} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.authorizationPolicyExtAuthName" -}} +{{ include "kubeflow.component.authorizationPolicyExtAuthName" ( + list + (include "kubeflow.tensorboard.tensorboardsWebApp.name" .) + .Values.istioIntegration +)}} +{{- end }} + +{{/* +Kubeflow Tensorboard Tensorboards Web App Service. +*/}} +{{- define "kubeflow.tensorboard.tensorboardsWebApp.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.tensorboard.tensorboardsWebApp.name" . +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.svc.addressWithNs" -}} +{{ include "kubeflow.component.svc.addressWithNs" ( + list + . + (include "kubeflow.tensorboard.tensorboardsWebApp.name" .) +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.svc.addressWithSvc" -}} +{{ include "kubeflow.component.svc.addressWithSvc" ( + list + . + (include "kubeflow.tensorboard.tensorboardsWebApp.name" .) +)}} +{{- end }} + +{{- define "kubeflow.tensorboard.tensorboardsWebApp.svc.fqdn" -}} +{{ include "kubeflow.component.svc.fqdn" ( + list + . + (include "kubeflow.tensorboard.tensorboardsWebApp.name" .) +)}} +{{- end }} + +{{/* +Kubeflow Tensorboard Tensorboards Web App Security Context. 
+*/}}
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+ list
+ .Values.defaults.containerSecurityContext
+ .Values.tensorboard.tensorboardsWebApp.containerSecurityContext
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+ list
+ .Values.defaults.topologySpreadConstraints
+ .Values.tensorboard.tensorboardsWebApp.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+ list
+ .Values.defaults.nodeSelector
+ .Values.tensorboard.tensorboardsWebApp.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+ list
+ .Values.defaults.tolerations
+ .Values.tensorboard.tensorboardsWebApp.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+ list
+ .Values.defaults.affinity
+ .Values.tensorboard.tensorboardsWebApp.affinity
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+ list
+ (include "kubeflow.tensorboard.tensorboardsWebApp.enabled" .)
+ .Values.defaults.podDisruptionBudget
+ .Values.tensorboard.tensorboardsWebApp.podDisruptionBudget
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+ list
+ .Values.defaults.podDisruptionBudget
+ .Values.tensorboard.tensorboardsWebApp.podDisruptionBudget
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tpl
new file mode 100644
index 00000000..a341569c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tpl
@@ -0,0 +1,126 @@
+{{/*
+Kubeflow Tensorboard object names.
+*/}}
+{{- define "kubeflow.tensorboard.baseName" -}}
+{{- printf "tensorboard" }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.baseRbacName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.tensorboard.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.name" -}}
+{{- include "kubeflow.component.name" (
+ list
+ (include "kubeflow.tensorboard.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard object labels.
+*/}}
+{{- define "kubeflow.tensorboard.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.tensorboard.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.tensorboard.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard container image settings.
+*/}}
+{{- define "kubeflow.tensorboard.image" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.tensorboard.image) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.tensorboard.image) }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.tensorboard.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.tensorboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.tensorboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.tensorboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.tensorboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.tensorboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+ list
+ .Values.defaults.podDisruptionBudget
+ .Values.tensorboard.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Security Context.
+*/}}
+{{- define "kubeflow.tensorboard.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+ list
+ .Values.defaults.containerSecurityContext
+ .Values.tensorboard.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Scheduling.
+*/}}
+{{- define "kubeflow.tensorboard.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+ list
+ .Values.defaults.topologySpreadConstraints
+ .Values.tensorboard.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+ list
+ .Values.defaults.nodeSelector
+ .Values.tensorboard.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+ list
+ .Values.defaults.tolerations
+ .Values.tensorboard.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+ list
+ .Values.defaults.affinity
+ .Values.tensorboard.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard enable and create toggles.
+*/}}
+{{- define "kubeflow.tensorboard.enabled" -}}
+{{- ternary true "" .Values.tensorboard.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.trainingOperator.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.trainingOperator.tpl
new file mode 100644
index 00000000..f41eabe4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.trainingOperator.tpl
@@ -0,0 +1,234 @@ +{{/* +Kubeflow Training Operator object names. +*/}} +{{- define "kubeflow.trainingOperator.baseName" -}} +{{- printf "training-operator" }} +{{- end }} + +{{- define "kubeflow.trainingOperator.name" -}} +{{- include "kubeflow.component.name" ( + list + (include "kubeflow.trainingOperator.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.serviceAccountName" -}} +{{- include "kubeflow.component.serviceAccountName" ( + list + (include "kubeflow.trainingOperator.name" .) + .Values.trainingOperator.serviceAccount +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.mainClusterRoleName" -}} +{{- printf "%s-%s" + (include "kubeflow.fullname" .) + (include "kubeflow.trainingOperator.name" .) +}} +{{- end }} + +{{- define "kubeflow.trainingOperator.mainClusterRoleBindingName" -}} +{{- include "kubeflow.trainingOperator.mainClusterRoleName" . }} +{{- end }} + +{{- define "kubeflow.trainingOperator.kfTrAdminClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "training-admin" }} +{{- end }} + +{{- define "kubeflow.trainingOperator.kfTrEditClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "training-edit" }} +{{- end }} + +{{- define "kubeflow.trainingOperator.kfTrViewClusterRoleName" -}} +{{- printf "%s-%s" (include "kubeflow.fullname" .) "training-view" }} +{{- end }} + +{{/* +Role Aggregation Rule Labels +*/}} +{{- define "kubeflow.trainingOperator.kfTrAdminClusterRoleLabel" -}} +{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.trainingOperator.kfTrAdminClusterRoleName" .) -}} +{{- end }} + +{{/* +Kubeflow Training Operator Service. +*/}} +{{- define "kubeflow.trainingOperator.svc.name" -}} +{{ include "kubeflow.component.svc.name" ( + include "kubeflow.trainingOperator.name" . +)}} +{{- end }} + +{{/* +Kubeflow Training Operator object labels. +*/}} +{{- define "kubeflow.trainingOperator.labels" -}} +{{ include "kubeflow.common.labels" . 
}} +{{ include "kubeflow.component.labels" (include "kubeflow.trainingOperator.name" .) }} +{{- end }} + +{{- define "kubeflow.trainingOperator.selectorLabels" -}} +{{ include "kubeflow.common.selectorLabels" . }} +{{ include "kubeflow.component.selectorLabels" (include "kubeflow.trainingOperator.name" .) }} +{{- end }} + +{{/* +Kubeflow Training Operator container image settings. +*/}} +{{- define "kubeflow.trainingOperator.image" -}} +{{ include "kubeflow.component.image" ( + list + .Values.defaults.image + .Values.trainingOperator.image +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.imagePullPolicy" -}} +{{ include "kubeflow.component.imagePullPolicy" ( + list + .Values.defaults.image + .Values.trainingOperator.image +)}} +{{- end }} + +{{/* +Kubeflow Training Operator Autoscaling and Availability. +*/}} +{{- define "kubeflow.trainingOperator.autoscaling.minReplicas" -}} +{{ include "kubeflow.component.autoscaling.minReplicas" ( + list + .Values.defaults.autoscaling + .Values.trainingOperator.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.autoscaling.maxReplicas" -}} +{{ include "kubeflow.component.autoscaling.maxReplicas" ( + list + .Values.defaults.autoscaling + .Values.trainingOperator.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.autoscaling.targetCPUUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.trainingOperator.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.autoscaling.targetMemoryUtilizationPercentage" -}} +{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" ( + list + .Values.defaults.autoscaling + .Values.trainingOperator.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.pdb.values" -}} +{{- include "kubeflow.component.pdb.values" ( + list + .Values.defaults.podDisruptionBudget + .Values.trainingOperator.podDisruptionBudget 
+)}} +{{- end }} + +{{/* +Kubeflow Training Operator Security Context. +*/}} +{{- define "kubeflow.trainingOperator.containerSecurityContext" -}} +{{ include "kubeflow.component.containerSecurityContext" ( + list + .Values.defaults.containerSecurityContext + .Values.trainingOperator.containerSecurityContext +)}} +{{- end }} + +{{/* +Kubeflow Training Operator Scheduling. +*/}} +{{- define "kubeflow.trainingOperator.topologySpreadConstraints" -}} +{{ include "kubeflow.component.topologySpreadConstraints" ( + list + .Values.defaults.topologySpreadConstraints + .Values.trainingOperator.topologySpreadConstraints +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.nodeSelector" -}} +{{ include "kubeflow.component.nodeSelector" ( + list + .Values.defaults.nodeSelector + .Values.trainingOperator.nodeSelector +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.tolerations" -}} +{{ include "kubeflow.component.tolerations" ( + list + .Values.defaults.tolerations + .Values.trainingOperator.tolerations +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.affinity" -}} +{{ include "kubeflow.component.affinity" ( + list + .Values.defaults.affinity + .Values.trainingOperator.affinity +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.terminationGracePeriodSeconds" -}} +{{ include "kubeflow.component.terminationGracePeriodSeconds" ( + list + .Values.defaults.terminationGracePeriodSeconds + .Values.trainingOperator.terminationGracePeriodSeconds +)}} +{{- end }} + +{{/* +Kubeflow Training Operator enable and create toggles. 
+*/}} +{{- define "kubeflow.trainingOperator.enabled" -}} +{{- .Values.trainingOperator.enabled }} +{{- end }} + +{{- define "kubeflow.trainingOperator.autoscaling.enabled" -}} +{{ include "kubeflow.component.autoscaling.enabled" ( + list + .Values.defaults.autoscaling + .Values.trainingOperator.autoscaling +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.rbac.createRoles" -}} +{{- ternary true "" ( + and + (include "kubeflow.trainingOperator.enabled" . | eq "true") + .Values.trainingOperator.rbac.create +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.createServiceAccount" -}} +{{- ternary true "" ( +and + (include "kubeflow.trainingOperator.enabled" . | eq "true") + .Values.trainingOperator.serviceAccount.create +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.pdb.create" -}} +{{- include "kubeflow.component.pdb.create" ( + list + (include "kubeflow.trainingOperator.enabled" .) + .Values.defaults.podDisruptionBudget + .Values.trainingOperator.podDisruptionBudget +)}} +{{- end }} + +{{- define "kubeflow.trainingOperator.tlsCertSecretName" -}} +{{- printf "training-operator-webhook-cert" }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/validation.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/validation.tpl new file mode 100644 index 00000000..d484876b --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/validation.tpl 
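Review bot: `kubeflow.trainingOperator.enabled`, defined near the end of kubeflow.trainingOperator.tpl, prints `.Values.trainingOperator.enabled` as-is, so it renders the string `false` when the component is off. `kubeflow.tensorboard.enabled` in the previous file renders an empty string through `ternary true ""` instead. A non-empty `false` is truthy in a bare `{{ if (include …) }}`, so every caller has to compare with `eq "true"`, as `rbac.createRoles` and `createServiceAccount` in this file do. That contract is worth stating in the comment block above the define, for example `Renders "true" or "false" as a string; always test with | eq "true".`, because these toggles decide whether ClusterRoles and ServiceAccounts are created.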
@@ -0,0 +1,51 @@ +{{/* +Dex validations. +*/}} + +{{- if (ne .Values.dexIntegration.integrationType "internal" ) -}} +{{- fail "Currently only 'dexIntegration.integrationType: internal' is supported." -}} +{{- end }} + +{{- if (ne .Values.dexIntegration.integrationMode "istio" ) -}} +{{- fail "Currently only 'dexIntegration.integrationMode: istio' is supported." -}} +{{- end }} + +{{- if (ne .Values.pipelines.config.db.driver.value "mysql" ) -}} +{{- fail "Currently only 'pipelines.config.db.driver: mysql' is supported." -}} +{{- end }} + +{{/* +Kubeflow Pipelines validations. +*/}} + +# vars +{{- $hardcodedSecretName := "mlpipeline-minio-artifact" -}} +{{- $objectStoreCredentialsSecretKeyRefMessage := (.Files.Get "files/validation-messages/objectstore-accesskey-secretaccesskey-secret-ref.txt") -}} +{{- $secretConstraintsGeneralMessage := (.Files.Get "files/validation-messages/mlpipeline-minio-artifact.txt") -}} + +# Check if the secret name for object store is either nil or $hardcodedSecretName. +{{- range $key, $val := (dict + ".Values.pipelines.config.objectStore.existingSecretName" .Values.pipelines.config.objectStore.existingSecretName + ".Values.pipelines.config.objectStore.accessKey.secretKeyRef.name" .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name + ".Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name" .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name +) }} + {{- if not (has $val (list nil $hardcodedSecretName)) -}} + {{- fail (printf "%s must be one of [nil, '%s'], current value: %s\n\n%s" + $key $hardcodedSecretName $val $secretConstraintsGeneralMessage + ) }} + {{- end }} +{{- end }} + +# Check if objectStore accessKey and secretAccessKey references are the same. 
+{{- if (ne + .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name + .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name +)}} +{{- fail (printf "%s\n%s" + $objectStoreCredentialsSecretKeyRefMessage + $secretConstraintsGeneralMessage +) -}} +{{- end }} + +{{/* +*/}} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_hpa.yaml new file mode 100644 index 00000000..d0957663 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_hpa.yaml @@ -0,0 +1,28 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kubeflow.fullname" . }} + labels: + {{- include "kubeflow.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kubeflow.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_ingress.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_ingress.yaml new file mode 100644 index 00000000..07285334 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "kubeflow.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "kubeflow.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_service.yaml new file mode 100644 index 00000000..4cdb4258 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kubeflow.fullname" . }} + labels: + {{- include "kubeflow.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "kubeflow.selectorLabels" . | nindent 4 }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_serviceaccount.yaml new file mode 100644 index 00000000..8cea7961 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kubeflow.serviceAccountName" . }} + labels: + {{- include "kubeflow.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.certificate.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.certificate.yaml new file mode 100644 index 00000000..d53bfd94 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.certificate.yaml 
@@ -0,0 +1,23 @@
+{{- if (include "kubeflow.admissionWebhook.enabledWithCertManager" . )}}
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.admissionWebhook.certName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ commonName: {{ include "kubeflow.admissionWebhook.certName" . }}
+ dnsNames:
+ - {{ include "kubeflow.admissionWebhook.svc.name" . }}
+ - {{ include "kubeflow.admissionWebhook.svc.addressWithNs" . }}
+ - {{ include "kubeflow.admissionWebhook.svc.addressWithSvc" . }}
+ - {{ include "kubeflow.admissionWebhook.svc.fqdn" . }}
+ isCA: true
+ issuerRef:
+ kind: Issuer
+ name: {{ include "kubeflow.admissionWebhook.certIssuerName" . }}
+ secretName: {{ include "kubeflow.admissionWebhook.tlsCertSecretName" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.issuer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.issuer.yaml
new file mode 100644
index 00000000..32d6fb74
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.issuer.yaml
@@ -0,0 +1,13 @@
+{{- if (include "kubeflow.admissionWebhook.enabledWithCertManager" . )}}
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.admissionWebhook.certIssuerName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ selfSigned: {}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/cluster-role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/cluster-role-binding.yaml
new file mode 100644
index 00000000..6fbf8a8c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/cluster-role-binding.yaml
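Review bot: `isCA: true` in certmanager.certificate.yaml turns the webhook's serving certificate into a CA certificate. Its key lands in the secret named by `tlsCertSecretName`, which the admission-webhook Deployment in this commit mounts at /etc/webhook/certs. A key that only needs to terminate TLS for the webhook Service could therefore also sign further certificates chaining to the bundle that cert-manager injects into the MutatingWebhookConfiguration. A serving certificate issued by the `selfSigned` Issuer does not need the CA bit. I would set `isCA: false` and add `usages: ["server auth"]`, then confirm on a test cluster that the API server still accepts the injected bundle.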
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.admissionWebhook.rbac.createRoles" . | eq "true" ) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.admissionWebhook.mainClusterRoleBindingName" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "kubeflow.admissionWebhook.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "kubeflow.admissionWebhook.serviceAccountName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterrole.main.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterrole.main.yaml
new file mode 100644
index 00000000..d06cc62d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterrole.main.yaml
@@ -0,0 +1,23 @@
+{{- if (include "kubeflow.admissionWebhook.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.admissionWebhook.mainClusterRoleName" . }}
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - poddefaults
+ verbs:
+ - get
+ - watch
+ - list
+ - update
+ - create
+ - patch
+ - delete
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterroles.user.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterroles.user.yaml
new file mode 100644
index 00000000..260a2836
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterroles.user.yaml
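Review bot: In clusterrole.main.yaml the webhook's service account gets `update`, `create`, `patch` and `delete` on `poddefaults` cluster-wide, on top of read access. The MutatingWebhookConfiguration in this commit registers only for pod CREATE, which suggests the webhook reads PodDefaults and applies them to incoming pods; the webhook code itself is not on this page, so confirm that first. If it never writes PodDefaults, trimming `verbs` to `get`, `list`, `watch` stops a compromised webhook pod from changing what gets injected into workloads in other namespaces.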
@@ -0,0 +1,52 @@ +{{- if (include "kubeflow.admissionWebhook.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.admissionWebhook.kfPdAdminClusterRoleName" . }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + {{- include "kubeflow.admissionWebhook.kfPdAdminClusterRoleLabel" . | nindent 6 }} +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.admissionWebhook.kfPdEditClusterRoleName" . }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + {{- include "kubeflow.admissionWebhook.kfPdEditClusterRoleLabel" . | nindent 6 }} +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }} + {{- include "kubeflow.admissionWebhook.kfPdAdminClusterRoleLabel" . | nindent 4 }} + {{- include "kubeflow.admissionWebhook.kfPdEditClusterRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.admissionWebhook.kfPdViewClusterRoleName" . }} +rules: +- apiGroups: + - kubeflow.org + resources: + - poddefaults + verbs: + - get + - list + - watch + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/deployment.yaml new file mode 100644 index 00000000..25e4aba4 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/deployment.yaml 
@@ -0,0 +1,88 @@ +{{- if (include "kubeflow.admissionWebhook.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.admissionWebhook.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.admissionWebhook.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }} + name: {{ include "kubeflow.admissionWebhook.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.admissionWebhook.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.admissionWebhook.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: {{ include "kubeflow.admissionWebhook.baseName" . }} + image: {{ include "kubeflow.admissionWebhook.image" . }} + imagePullPolicy: {{ include "kubeflow.admissionWebhook.imagePullPolicy" . }} + + args: + - --tlsCertFile=/etc/webhook/certs/tls.crt + - --tlsKeyFile=/etc/webhook/certs/tls.key + + ports: + - containerPort: {{ .Values.admissionWebhook.service.targetPort }} + name: https-webhook + + {{- with .Values.admissionWebhook.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-cert + readOnly: true + + {{- with include "kubeflow.admissionWebhook.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.admissionWebhook.serviceAccountName" . }} + + volumes: + - name: webhook-cert + secret: + secretName: {{ include "kubeflow.admissionWebhook.tlsCertSecretName" . }} + + {{- with include "kubeflow.admissionWebhook.nodeSelector" . }} + nodeSelector: + {{- . 
| nindent 8 }} + {{- end }} + + {{- with include "kubeflow.admissionWebhook.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.admissionWebhook.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.admissionWebhook.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/hpa.yaml new file mode 100644 index 00000000..ced53e74 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/hpa.yaml 
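Review bot: The webhook container in admission-webhook/deployment.yaml declares no readiness or liveness probe, whereas the centraldashboard Deployment in this commit has a `livenessProbe`. The matching MutatingWebhookConfiguration uses `failurePolicy: Fail` for pod CREATE, so a replica that is Running but not yet serving TLS is added to the Service endpoints and pod creation in the selected namespaces is rejected until it is up. I would add `readinessProbe: {tcpSocket: {port: https-webhook}}` next to `ports`; a TCP check avoids assuming an HTTP health path that this page does not show.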
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.admissionWebhook.autoscaling.enabled" . | eq "true") -}}
+
+{{- $componentName := include "kubeflow.admissionWebhook.name" . -}}
+{{- $minReplicas := include "kubeflow.admissionWebhook.autoscaling.minReplicas" . -}}
+{{- $maxReplicas := include "kubeflow.admissionWebhook.autoscaling.maxReplicas" . -}}
+{{- $targetCPUUtilizationPercentage := include "kubeflow.admissionWebhook.autoscaling.targetCPUUtilizationPercentage" . -}}
+{{- $targetMemoryUtilizationPercentage := include "kubeflow.admissionWebhook.autoscaling.targetMemoryUtilizationPercentage" . -}}
+
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ labels:
+ {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+ name: {{ $componentName }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ $componentName }}
+ minReplicas: {{ $minReplicas }}
+ maxReplicas: {{ $maxReplicas }}
+ metrics:
+ {{- if $targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ $targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if $targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/mutatingwebhook.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/mutatingwebhook.yaml
new file mode 100644
index 00000000..f68da31c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/mutatingwebhook.yaml
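Review bot: admission-webhook/hpa.yaml targets `autoscaling/v2beta1`, which Kubernetes stopped serving in 1.25, so turning autoscaling on makes the install fail on current clusters. The webhook then stays at whatever replica count the Deployment template renders, behind a `failurePolicy: Fail` hook. Moving to `autoscaling/v2` also requires replacing `targetAverageUtilization` with a `target` block under each resource metric. `_hpa.yaml` earlier in this commit carries the same API version and field.

```yaml
apiVersion: autoscaling/v2
# … unchanged: kind, metadata, scaleTargetRef, minReplicas, maxReplicas …
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: {{ $targetCPUUtilizationPercentage }}
# … unchanged: the if/end guards around each metric …
      name: memory
      target:
        type: Utilization
        averageUtilization: {{ $targetMemoryUtilizationPercentage }}
```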
@@ -0,0 +1,42 @@
+{{- if (include "kubeflow.admissionWebhook.enabled" .) -}}
+
+{{- $ca := printf "%s/%s"
+ (include "kubeflow.namespace" .)
+ (include "kubeflow.admissionWebhook.certName" .)
+-}}
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: {{ $ca }}
+ labels:
+ {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.admissionWebhook.webhookName" . }}
+webhooks:
+- admissionReviewVersions:
+ - v1beta1
+ - v1
+ clientConfig:
+ caBundle: ""
+ service:
+ name: {{ include "kubeflow.admissionWebhook.svc.name" .}}
+ namespace: {{ include "kubeflow.namespace" . }}
+ path: /apply-poddefault
+ failurePolicy: Fail
+ name: {{ include "kubeflow.admissionWebhook.svc.addressWithSvc" . }}
+ namespaceSelector:
+ matchLabels:
+ {{- include "kubeflow.admissionWebhook.partOfLabel" . | nindent 6}}
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - pods
+ sideEffects: None
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/poddisruptionbudget.yaml
new file mode 100644
index 00000000..eb40ded0
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/poddisruptionbudget.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.admissionWebhook.pdb.create" . | eq "true") -}}
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.admissionWebhook.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "kubeflow.admissionWebhook.selectorLabels" . | nindent 6 }}
+ {{- with (include "kubeflow.admissionWebhook.pdb.values" .) }}
+ {{- . | nindent 2 }}
+ {{- end }}
+
+{{- end }}
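Review bot: The guard on the first line of mutatingwebhook.yaml is `{{- if (include "kubeflow.admissionWebhook.enabled" .) -}}`, while deployment.yaml and service.yaml for the same component test `| eq "true"`. The helper's definition is not on this page; if it prints the raw value the way `kubeflow.trainingOperator.enabled` does, the string `false` is truthy and this webhook is installed with no Deployment or Service behind it. With `failurePolicy: Fail` on pod CREATE, that blocks pod creation in every namespace the selector matches. Use `{{- if (include "kubeflow.admissionWebhook.enabled" . | eq "true") -}}`. The same bare form is on the `enabledWithCertManager` guards in certmanager.certificate.yaml and certmanager.issuer.yaml and on centraldashboard/authorizationpolicy.yaml.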
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service-account.yaml new file mode 100644 index 00000000..4dd2f725 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service-account.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.admissionWebhook.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.admissionWebhook.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }} + name: {{ include "kubeflow.admissionWebhook.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service.yaml new file mode 100644 index 00000000..188bd516 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service.yaml @@ -0,0 +1,24 @@ +{{- if (include "kubeflow.admissionWebhook.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.admissionWebhook.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }} + name: {{ include "kubeflow.admissionWebhook.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - name: https-webhook + port: {{ .Values.admissionWebhook.service.port }} + targetPort: https-webhook + selector: + {{- include "kubeflow.admissionWebhook.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.admissionWebhook.service.type }} + +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.extAuthz.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.extAuthz.yaml
new file mode 100644
index 00000000..05f4f630
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.extAuthz.yaml
@@ -0,0 +1,41 @@
+{{- if and
+ (include "kubeflow.centraldashboard.createIstioIntegrationObjects" . | eq "true")
+ (include "kubeflow.istioIntegration.authorizationMode.granular" . | eq "true")
+-}}
+
+# NOTE: this AuthorizationPolicy forces traffic through ext authz http extension
+# so we don't have to provide configuration to allow traffic only from
+# istio-ingressgateway. The .spec.rules.to.operations.notPaths is configured for
+# CloudFlare integration and allows only static, non-secret assets to be
+# accessible without the Istio Auth.
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.centraldashboard.authorizationPolicyExtAuthName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ action: CUSTOM
+ provider:
+ name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+ rules:
+ - to:
+ - operation:
+ notPaths:
+ - /favicon*
+ - /webcomponentsjs*
+ - /vendor.bundle.js
+ - /app.bundle.js
+ - /dashboard_lib.bundle.js
+ - /assets*
+ - /app.css
+ # Exclude paths used by Knative healthchecks
+ - /metrics
+ - /healthz
+ selector:
+ matchLabels:
+ {{- include "kubeflow.centraldashboard.selectorLabels" . | nindent 6 }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.yaml
new file mode 100644
index 00000000..9466a5f4
--- /dev/null
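Review bot: `/metrics` and `/healthz` in `notPaths` are exempt from the ext-authz check, which contradicts the NOTE at the top of the file saying only static, non-secret assets bypass Istio auth. Requests to those paths are then decided only by the companion `authorizationpolicy.yaml`, which allows anything arriving from the ingress gateway namespace, so whatever the dashboard serves at `/metrics` is presumably reachable through the gateway without a login. If the health checks never come through the gateway, drop both entries; otherwise extend the NOTE to name them and say why they are safe to expose. The trailing-`*` entries such as `/assets*` are prefix matches, so they cover every path that starts with that string, not just files in that directory.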
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.yaml @@ -0,0 +1,20 @@ +{{- if (include "kubeflow.centraldashboard.createIstioIntegrationObjects" .) -}} + +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + labels: + {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }} + name: {{ include "kubeflow.centraldashboard.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selector: + matchLabels: + {{- include "kubeflow.centraldashboard.selectorLabels" . | nindent 6 }} + rules: + - from: + - source: + namespaces: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole-binding.yaml new file mode 100644 index 00000000..e4c35d5e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole-binding.yaml @@ -0,0 +1,18 @@ +{{- if (include "kubeflow.centraldashboard.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }} + name: {{ include "kubeflow.centraldashboard.clusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.centraldashboard.clusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.centraldashboard.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole.yaml new file mode 100644 index 00000000..eaf15ddb --- /dev/null 
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole.yaml @@ -0,0 +1,21 @@ +{{- if (include "kubeflow.centraldashboard.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }} + name: {{ include "kubeflow.centraldashboard.clusterRoleName" . }} +rules: +- apiGroups: + - "" + resources: + - events + - namespaces + - nodes + verbs: + - get + - list + - watch + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/configmap.centraldashboard-config.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/configmap.centraldashboard-config.yaml new file mode 100644 index 00000000..66524329 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/configmap.centraldashboard-config.yaml @@ -0,0 +1,18 @@ +{{- if (include "kubeflow.centraldashboard.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }} + name: {{ include "kubeflow.centraldashboard.config.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +data: + settings: |- + { + "DASHBOARD_FORCE_IFRAME": {{ .Values.centraldashboard.config.forceIFrame }} + } + links: |- + {{- .Values.centraldashboard.config.links | toJson | nindent 4 }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/deployment.yaml new file mode 100644 index 00000000..e23efadd --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/deployment.yaml 
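Review bot: In configmap.centraldashboard-config.yaml the `settings` document is built by pasting `{{ .Values.centraldashboard.config.forceIFrame }}` straight into a JSON literal, while `links` just below goes through `toJson`. An unset value or a string override renders invalid JSON that the dashboard only discovers at runtime. Encoding it the same way keeps the two keys consistent: `"DASHBOARD_FORCE_IFRAME": {{ .Values.centraldashboard.config.forceIFrame | toJson }}`.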
@@ -0,0 +1,99 @@ +{{- if (include "kubeflow.centraldashboard.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.centraldashboard.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.centraldashboard.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }} + name: {{ include "kubeflow.centraldashboard.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.centraldashboard.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.centraldashboard.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: {{ include "kubeflow.centraldashboard.baseName" . }} + image: {{ include "kubeflow.centraldashboard.image" . }} + imagePullPolicy: {{ include "kubeflow.centraldashboard.imagePullPolicy" . }} + + env: + - name: USERID_HEADER + value: {{ .Values.auth.userHeaderName | quote }} + - name: USERID_PREFIX + value: {{ .Values.auth.userIdPrefix | quote }} + - name: PROFILES_KFAM_SERVICE_HOST + value: {{ include "kubeflow.profilesController.kfam.svc.fqdn" . }} + - name: REGISTRATION_FLOW + value: {{ .Values.centraldashboard.config.enableRegistrationFlow | quote }} + - name: DASHBOARD_LINKS_CONFIGMAP + value: {{ include "kubeflow.centraldashboard.config.name" . }} + - name: LOGOUT_URL + value: {{ .Values.centraldashboard.config.logoutURL | quote }} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + + ports: + - containerPort: 8082 + protocol: TCP + + livenessProbe: + httpGet: + path: /healthz + port: 8082 + initialDelaySeconds: 30 + periodSeconds: 30 + + {{- with .Values.centraldashboard.resources }} + resources: + {{- toYaml . 
| nindent 10 }} + {{- end }} + + {{- with include "kubeflow.centraldashboard.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.centraldashboard.serviceAccountName" . }} + + {{- with include "kubeflow.centraldashboard.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.centraldashboard.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.centraldashboard.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.centraldashboard.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/hpa.yaml new file mode 100644 index 00000000..7847d47c --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/hpa.yaml 
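Review bot: The `USERID_HEADER` / `USERID_PREFIX` entries in the env block of centraldashboard/deployment.yaml make the dashboard take the caller's identity from a request header, and nothing in this Deployment says what keeps an arbitrary client from setting that header. The only guard in this diff is the AuthorizationPolicy that restricts sources to the ingress-gateway namespace, and it is rendered only when the Istio-integration helper is true, while service.yaml lets `.Values.centraldashboard.service.type` be anything. I would add a comment above the env block such as `# Identity is read from this header; the pod must only be reachable through the authenticated ingress gateway (see authorizationpolicy.yaml).` It would also help to document in values that a NodePort/LoadBalancer Service without Istio integration is unsupported.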
@@ -0,0 +1,36 @@ +{{- if (include "kubeflow.centraldashboard.autoscaling.enabled" . | eq "true") -}} + +{{- $componentName := include "kubeflow.centraldashboard.name" . -}} +{{- $minReplicas := include "kubeflow.centraldashboard.autoscaling.minReplicas" . -}} +{{- $maxReplicas := include "kubeflow.centraldashboard.autoscaling.maxReplicas" . -}} +{{- $targetCPUUtilizationPercentage := include "kubeflow.centraldashboard.autoscaling.targetCPUUtilizationPercentage" . -}} +{{- $targetMemoryUtilizationPercentage := include "kubeflow.centraldashboard.autoscaling.targetMemoryUtilizationPercentage" . -}} + +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }} + name: {{ $componentName }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ $componentName }} + minReplicas: {{ $minReplicas }} + maxReplicas: {{ $maxReplicas }} + metrics: + {{- if $targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ $targetCPUUtilizationPercentage }} + {{- end }} + {{- if $targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/poddisruptionbudget.yaml new file mode 100644 index 00000000..3d1b7d08 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/poddisruptionbudget.yaml 
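Review bot: `apiVersion: autoscaling/v2beta1` in centraldashboard/hpa.yaml is an API version that Kubernetes removed in 1.25, so on current clusters this HorizontalPodAutoscaler is rejected whenever autoscaling is enabled. Moving to `autoscaling/v2` also changes the metric schema, because `targetAverageUtilization` becomes a nested `target` block. If both utilisation helpers render empty, `metrics:` is emitted with no items, so a guard or default is worth adding at the same time.

```yaml
apiVersion: autoscaling/v2
# … unchanged: kind, metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
    {{- if $targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ $targetCPUUtilizationPercentage }}
    {{- end }}
    {{- if $targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ $targetMemoryUtilizationPercentage }}
    {{- end }}
```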
@@ -0,0 +1,18 @@ +{{- if (include "kubeflow.centraldashboard.pdb.create" . | eq "true") -}} + +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }} + name: {{ include "kubeflow.centraldashboard.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selector: + matchLabels: + {{- include "kubeflow.centraldashboard.selectorLabels" . | nindent 6 }} + {{- with (include "kubeflow.centraldashboard.pdb.values" .) }} + {{- . | nindent 2 }} + {{- end }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role-binding.yaml new file mode 100644 index 00000000..ffe58d2c --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role-binding.yaml @@ -0,0 +1,19 @@ +{{- if (include "kubeflow.centraldashboard.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }} + name: {{ include "kubeflow.centraldashboard.roleBindingName" . }} + namespace: {{ include "kubeflow.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kubeflow.centraldashboard.roleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.centraldashboard.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role.yaml new file mode 100644 index 00000000..e9cd371b --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role.yaml 
@@ -0,0 +1,31 @@
+{{- if (include "kubeflow.centraldashboard.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.centraldashboard.roleName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+ - ""
+ - "app.k8s.io"
+ resources:
+ - applications
+ - pods
+ - pods/exec
+ - pods/log
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - get
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service-account.yaml
new file mode 100644
index 00000000..2fa04106
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service-account.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.centraldashboard.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- with .Values.centraldashboard.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.centraldashboard.serviceAccountName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service.yaml
new file mode 100644
index 00000000..9dd2352b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service.yaml
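Review bot: The Role in centraldashboard/role.yaml grants more than a dashboard appears to need: the first rule lists `pods/exec` with `get`, and the second grants `get` on every `secrets` object in the Kubeflow namespace. On Kubernetes versions that authorize a WebSocket exec request by its HTTP verb, `get` on `pods/exec` is enough to open an exec session, so this is not a read-only grant. I would drop `- pods/exec` from the first rule, and either remove `- secrets` from the second or narrow it with a `resourceNames:` list naming the specific Secret the dashboard reads, if any. Since the dashboard ServiceAccount handles user-facing requests, its compromise would otherwise expose every Secret in that namespace by name.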
@@ -0,0 +1,25 @@ +{{- if (include "kubeflow.centraldashboard.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.centraldashboard.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }} + name: {{ include "kubeflow.centraldashboard.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8082 + selector: + {{- include "kubeflow.centraldashboard.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.centraldashboard.service.type }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/virtual-service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/virtual-service.yaml new file mode 100644 index 00000000..8bdc1f5e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/virtual-service.yaml @@ -0,0 +1,27 @@ +{{- if (include "kubeflow.centraldashboard.createIstioIntegrationObjects" . | eq "true") -}} + +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + labels: + {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }} + name: {{ include "kubeflow.centraldashboard.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + gateways: + - {{ .Values.istioIntegration.gateway.name }} + hosts: + - '*' + http: + - match: + - uri: + prefix: / + rewrite: + uri: / + route: + - destination: + host: {{ include "kubeflow.centraldashboard.svc.fqdn" . }} + port: + number: 80 + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/dex-integration/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/dex-integration/virtualservice.yaml new file mode 100644 index 00000000..ba581a5c --- /dev/null 
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/dex-integration/virtualservice.yaml @@ -0,0 +1,29 @@ +{{- if (include "kubeflow.dexIntegration.istio.enabled" . | eq "true") -}} + +{{- $vsName := include "kubeflow.dexIntegration.name" . -}} +{{- $svcName := .Values.dexIntegration.svc.name -}} +{{- $svcNamespace := .Values.dexIntegration.svc.namespace -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + {{- include "kubeflow.dexIntegration.labels" . | nindent 4 }} + name: {{ $vsName }} + namespace: {{ $svcNamespace }} +spec: + gateways: + - {{ include "kubeflow.namespace" . }}/{{ .Values.istioIntegration.gateway.name }} + hosts: + - "{{ default "*" .Values.dexIntegration.host }}" + http: + - match: + - uri: + prefix: {{ .Values.dexIntegration.urlPrefix }}/ + route: + - destination: + host: {{ include "kubeflow.dexIntegration.svc.fqdn" . }} + port: + number: {{ .Values.dexIntegration.svc.port }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/deployment.yaml new file mode 100644 index 00000000..b5c8526e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/deployment.yaml 
@@ -0,0 +1,55 @@
+{{- if (include "kubeflow.istioIntegration.kubeflowJwksProxy.enabled" . | eq "true") -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . }}
+ namespace: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.namespace" . }}
+ labels:
+ {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.labels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.labels" . | nindent 8 }}
+ spec:
+ serviceAccountName: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . }}
+ containers:
+ - name: kubectl-proxy
+ image: docker.io/bitnami/kubectl
+ ports:
+ - name: http
+ containerPort: 8080
+ startupProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 2
+ httpGet:
+ path: /openid/v1/jwks
+ port: http
+ livenessProbe:
+ initialDelaySeconds: 15
+ periodSeconds: 15
+ timeoutSeconds: 5
+ httpGet:
+ path: /openid/v1/jwks
+ port: http
+ readinessProbe:
+ initialDelaySeconds: 15
+ periodSeconds: 15
+ timeoutSeconds: 5
+ httpGet:
+ path: /openid/v1/jwks
+ port: http
+ args:
+ - proxy
+ - --address=0.0.0.0
+ - --port=8080
+ - --accept-hosts=.*
+ - --accept-paths=^(?:/openid/v1/jwks)|(?:/.well-known/openid-configuration)$
+ - --reject-methods=^(POST|PUT|PATCH|DELETE|HEAD|OPTIONS|CONNECT|TRACE)$
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service-account.yaml
new file mode 100644
index 00000000..78653c59
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service-account.yaml
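Review bot: The `--accept-paths` regex in cluster-jwks-proxy/deployment.yaml is not anchored the way it reads. Alternation binds looser than `^` and `$`, so the first branch is anchored only at the start and the second only at the end, and the unescaped `.` in `/.well-known` matches any character. A proxy that listens on `0.0.0.0` with `--accept-hosts=.*` and forwards with the pod's ServiceAccount credentials therefore accepts more API paths than the two intended; I would write `- --accept-paths=^(?:/openid/v1/jwks|/\.well-known/openid-configuration)$`. Separately, `image: docker.io/bitnami/kubectl` carries no tag or digest, so each pull can bring different code into a pod holding cluster credentials; pin it, e.g. `image: docker.io/bitnami/kubectl:<PINNED_TAG>@sha256:<DIGEST>` (placeholders). The container also sets no `securityContext` or `resources`.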
@@ -0,0 +1,9 @@ +{{- if (include "kubeflow.istioIntegration.kubeflowJwksProxy.enabled" . | eq "true") -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . }} + namespace: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.namespace" . }} + labels: + {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.labels" . | nindent 4 }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service.yaml new file mode 100644 index 00000000..61dbc4a9 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service.yaml @@ -0,0 +1,16 @@ +{{- if (include "kubeflow.istioIntegration.kubeflowJwksProxy.enabled" . | eq "true") -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . }} + namespace: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.namespace" . }} + labels: + {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.labels" . | nindent 4 }} +spec: + ports: + - name: http + port: 80 + targetPort: http + selector: + {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.labels" . | nindent 4 }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-roles.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-roles.yaml new file mode 100644 index 00000000..49d20176 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-roles.yaml 
@@ -0,0 +1,60 @@ +{{- if .Values.istioIntegration.enabled }} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.istioIntegration.istioAdminRoleName" . }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + {{- include "kubeflow.istioIntegration.istioAdminRoleLabel" . | nindent 6 }} +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }} + {{- include "kubeflow.istioIntegration.istioAdminRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.istioIntegration.istioEditRoleName" . }} +rules: +- apiGroups: + - istio.io + - networking.istio.io + resources: ["*"] + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.istioIntegration.istioViewRoleName" . }} +rules: +- apiGroups: + - istio.io + - networking.istio.io + resources: ["*"] + verbs: + - get + - list + - watch + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/gateway.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/gateway.yaml new file mode 100644 index 00000000..808f57b0 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/gateway.yaml 
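Review bot: In the second document of istio-integration/cluster-roles.yaml, the edit ClusterRole grants every write verb on `resources: ["*"]` in `istio.io` and `networking.istio.io`. That wildcard covers mesh-level kinds such as EnvoyFilter, Gateway, Sidecar and ServiceEntry, not only the VirtualService and DestinationRule objects a notebook or serving user typically creates. The role carries the Kubeflow edit-role label, so it presumably aggregates into what ordinary profile users receive (the aggregating role is not visible here). I would enumerate the kinds users actually need, for example `resources: ["virtualservices", "destinationrules"]`, and leave the rest to an admin-only role. The guard also reads `.Values.istioIntegration.enabled` directly, whereas gateway.yaml uses the `kubeflow.istioIntegration.enabled` helper, so the two can disagree if the helper adds conditions.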
@@ -0,0 +1,16 @@ +{{- if (include "kubeflow.istioIntegration.enabled" . | eq "true") -}} + +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + labels: + {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }} + name: {{ .Values.istioIntegration.gateway.name }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selector: + {{- toYaml .Values.istioIntegration.gateway.selector | nindent 4 }} + servers: + {{- toYaml .Values.istioIntegration.gateway.servers | nindent 4 }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.jwt-require.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.jwt-require.yaml new file mode 100644 index 00000000..dfb75908 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.jwt-require.yaml 
@@ -0,0 +1,41 @@
+{{- if and
+ (include "kubeflow.istioIntegration.enabled" . | eq "true")
+ (include "kubeflow.istioIntegration.authorizationMode.ingressgateway" . | eq "true")
+-}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.istioIntegration.jwtRequire.authorizationPolicyName" . }}
+ namespace: {{ .Values.istioIntegration.ingressGatewayNamespace }}
+spec:
+ action: DENY
+ rules:
+ - from:
+ - source:
+ notRequestPrincipals: ["*"]
+ to:
+ - operation:
+ notPaths:
+ # Exclude dex paths, otherwise users won't be able to log in.
+ - /dex/*
+ - /dex/**
+ - /oauth2/*
+ # Exclude paths which are safe to cache by Cloudflare.
+ - /favicon*
+ - /webcomponentsjs*
+ - /vendor.bundle.js
+ - /app.bundle.js
+ - /dashboard_lib.bundle.js
+ - /assets*
+ - /app.css
+ # Exclude paths used by Knative healthchecks
+ - /metrics
+ - /healthz
+ selector:
+ matchLabels:
+ {{- toYaml .Values.istioIntegration.gateway.selector | nindent 6 }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.oauth2-proxy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.oauth2-proxy.yaml
new file mode 100644
index 00000000..7f4dfcf6
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.oauth2-proxy.yaml
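Review bot: The `notPaths` list in authorizationpolicy.jwt-require.yaml exempts more than the static assets its comments describe. `/favicon*`, `/webcomponentsjs*` and `/assets*` are prefix matches with no path separator, so any path that merely starts with those strings skips the JWT requirement, and `/metrics` and `/healthz` are exempt for every host and backend routed through this gateway, not only Knative. If the assets live under directories (the dashboard layout is not visible here), I would tighten the entries to `- /assets/*` and `- /webcomponentsjs/*` and list the favicon file names exactly. The health and metrics exemptions would be safer as a separate rule scoped with `hosts:`. The same list is duplicated in authorizationpolicy.oauth2-proxy.yaml, so both files need the change; a shared named template would keep them from drifting apart.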
@@ -0,0 +1,48 @@
+{{- if and
+ (include "kubeflow.istioIntegration.enabled" . | eq "true")
+ (include "kubeflow.istioIntegration.authorizationMode.ingressgateway" . | eq "true")
+-}}
+
+# NOTE: this AuthorizationPolicy forces traffic through ext authz http extension.
+# The .spec.rules.to.operations.notPaths is configured for
+# CloudFlare integration and allows only static, non-secret assets to be
+# accessible without the Istio Auth.
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.istioIntegration.extAuth.authorizationPolicyName" . }}
+ namespace: {{ .Values.istioIntegration.ingressGatewayNamespace }}
+spec:
+ action: CUSTOM
+ provider:
+ name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+ rules:
+ - when:
+ - key: request.headers[authorization]
+ notValues: ["*"]
+ to:
+ - operation:
+ notPaths:
+ # Exclude dex paths, otherwise users won't be able to log in.
+ - /dex/*
+ - /dex/**
+ - /oauth2/*
+ # Exclude paths which are safe to cache by Cloudflare.
+ - /favicon*
+ - /webcomponentsjs*
+ - /vendor.bundle.js
+ - /app.bundle.js
+ - /dashboard_lib.bundle.js
+ - /assets*
+ - /app.css
+ # Exclude paths used by Knative healthchecks
+ - /metrics
+ - /healthz
+ selector:
+ matchLabels:
+ {{- toYaml .Values.istioIntegration.gateway.selector | nindent 6 }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/requestauthentication.user-auth.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/requestauthentication.user-auth.yaml
new file mode 100644
index 00000000..9ebd6f72
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/requestauthentication.user-auth.yaml
@@ -0,0 +1,26 @@
+{{- if (include "kubeflow.istioIntegration.enabled" . | eq "true") -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: RequestAuthentication
+metadata:
+ labels:
+ {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.istioIntegration.userAuth.requestAuthenticationName" . }}
+ namespace: {{ .Values.istioIntegration.ingressGatewayNamespace }}
+spec:
+ selector:
+ matchLabels:
+ {{- toYaml .Values.istioIntegration.gateway.selector | nindent 6 }}
+ jwtRules:
+ - issuer: {{ .Values.istioIntegration.userAuth.issuer }}
+ forwardOriginalToken: true
+ outputClaimToHeaders:
+ - claim: {{ .Values.istioIntegration.userAuth.userClaim }}
+ header: {{ .Values.auth.userHeaderName }}
+ - claim: {{ .Values.istioIntegration.m2m.groupsClaim }}
+ header: {{ .Values.auth.groupsHeaderName }}
+ fromHeaders:
+ - name: {{ .Values.auth.authHeader.name }}
+ prefix: {{ .Values.auth.authHeader.prefix }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-m2m/requestauthentication.m2m.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-m2m/requestauthentication.m2m.yaml
new file mode 100644
index 00000000..547b0184
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-m2m/requestauthentication.m2m.yaml
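Review bot: The second `outputClaimToHeaders` entry in requestauthentication.user-auth.yaml reads `.Values.istioIntegration.m2m.groupsClaim`, although the issuer and user claim of this rule come from `.Values.istioIntegration.userAuth.*`. This looks like a copy from the m2m template, and it means the groups header for interactive users is populated from whatever claim name was configured for machine-to-machine tokens, so group-based authorization can silently break or map the wrong claim when the two differ. If values.yaml defines a user-auth groups claim (not visible in this part of the diff), the line should be `- claim: {{ .Values.istioIntegration.userAuth.groupsClaim }}`. The template values are also unquoted, so an empty `auth.authHeader.prefix` renders as YAML null; `| quote` on the header and prefix fields would avoid that.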
@@ -0,0 +1,29 @@
+{{- if (include "kubeflow.istioIntegration.m2m.enabled" . | eq "true") -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: RequestAuthentication
+metadata:
+ labels:
+ {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.istioIntegration.m2m.requestAuthenticationName" . }}
+ namespace: {{ .Values.istioIntegration.ingressGatewayNamespace }}
+spec:
+ selector:
+ matchLabels:
+ {{- toYaml .Values.istioIntegration.gateway.selector | nindent 6 }}
+ jwtRules:
+ - issuer: {{ .Values.istioIntegration.m2m.issuer }}
+ forwardOriginalToken: true
+ outputClaimToHeaders:
+ - claim: {{ .Values.istioIntegration.m2m.userClaim }}
+ header: {{ .Values.auth.userHeaderName }}
+ - claim: {{ .Values.istioIntegration.m2m.groupsClaim }}
+ header: {{ .Values.auth.groupsHeaderName }}
+ fromHeaders:
+ - name: {{ .Values.auth.authHeader.name }}
+ prefix: {{ .Values.auth.authHeader.prefix }}
+{{- if .Values.istioIntegration.kubeflowJwksProxy.enabled }}
+ jwksUri: {{ include "kubeflow.istioIntegration.jwksUri" . }}
+{{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.certificate.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.certificate.yaml
new file mode 100644
index 00000000..1082e03e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.certificate.yaml
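Review bot: The `jwksUri` block near the end of requestauthentication.m2m.yaml is gated on the raw value `.Values.istioIntegration.kubeflowJwksProxy.enabled`, while the proxy Deployment, Service and ServiceAccount are gated on the helper `kubeflow.istioIntegration.kubeflowJwksProxy.enabled`. If that helper folds in further conditions (its body is not in this part of the diff), the rule can point at a proxy Service that was never rendered, and m2m tokens would then fail validation. I would use the same predicate here: `{{- if (include "kubeflow.istioIntegration.kubeflowJwksProxy.enabled" . | eq "true") }}`. It is also worth a comment stating whether the URI is plain HTTP inside the cluster, since the keys fetched from it decide which tokens the gateway trusts.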
@@ -0,0 +1,22 @@
+{{- if (include "kubeflow.katib.controller.enabledWithCertManager" . )}}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ {{- include "kubeflow.katib.controller.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.katib.controller.certName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ isCA: true
+ commonName: {{ include "kubeflow.katib.controller.svc.addressWithSvc" . }}
+ dnsNames:
+ - {{ include "kubeflow.katib.controller.svc.name" . }}
+ - {{ include "kubeflow.katib.controller.svc.addressWithNs" . }}
+ - {{ include "kubeflow.katib.controller.svc.addressWithSvc" . }}
+ - {{ include "kubeflow.katib.controller.svc.fqdn" . }}
+ issuerRef:
+ kind: Issuer
+ name: {{ include "kubeflow.katib.controller.certIssuerName" . }}
+ secretName: {{ include "kubeflow.katib.controller.tlsCertSecretName" . }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.issuer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.issuer.yaml
new file mode 100644
index 00000000..c845f543
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.issuer.yaml
@@ -0,0 +1,12 @@
+{{- if (include "kubeflow.katib.controller.enabledWithCertManager" . )}}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ {{- include "kubeflow.katib.controller.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.katib.controller.certIssuerName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ selfSigned: {}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/configmap.katib-config.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/configmap.katib-config.yaml
new file mode 100644
index 00000000..cc6b6138
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/configmap.katib-config.yaml
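Review bot: `isCA: true` in katib/controller/certmanager.certificate.yaml marks the webhook's serving certificate as a certificate authority, and its key is the one mounted into the controller pod from the TLS secret. A serving certificate only needs the DNS names listed below it, and CA capability means a leaked key could sign further certificates that chain to whatever trusts this one. Unless something depends on the CA flag (worth confirming against how the webhook `caBundle` is injected, which is not visible here), I would set `isCA: false` or drop the line. The guard on the first line has the bare-`include` shape without `| eq "true"`, as does the Issuer that follows.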
@@ -0,0 +1,17 @@ +{{- if (include "kubeflow.katib.enabled" .) -}} + +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "kubeflow.katib.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.controller.configMapName" . }} + namespace: {{ include "kubeflow.namespace" . }} +data: + katib-config.yaml: | + --- + apiVersion: config.kubeflow.org/v1beta1 + kind: KatibConfig + {{- .Values.katib.config | toYaml | nindent 4 }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/deployment.yaml new file mode 100644 index 00000000..53e03415 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/deployment.yaml 
@@ -0,0 +1,80 @@ +{{- if (include "kubeflow.katib.controller.enabled" .) -}} + +{{- $autoscalingEnabled := include "kubeflow.katib.controller.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.katib.controller.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.katib.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.controller.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.katib.controller.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.katib.controller.selectorLabels" . | nindent 8 }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8080" + spec: + containers: + - name: {{ include "kubeflow.katib.controller.baseName" . }} + image: {{ include "kubeflow.katib.controller.image" . }} + command: ["./katib-controller"] + args: + - --katib-config=/katib-config.yaml + ports: + - name: webhook + containerPort: {{ .Values.katib.controller.service.webhook.targetPort }} + protocol: TCP + - name: metrics + containerPort: {{ .Values.katib.controller.service.metrics.targetPort }} + protocol: TCP + - name: healthz + containerPort: {{ .Values.katib.controller.service.healthz.targetPort }} + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + livenessProbe: + httpGet: + path: /healthz + port: healthz + env: + - name: KATIB_CORE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - mountPath: /tmp/cert + name: cert + readOnly: true + - mountPath: /katib-config.yaml + name: katib-config + subPath: katib-config.yaml + readOnly: true + {{- with .Values.katib.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kubeflow.katib.controller.serviceAccountName" . }} + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: {{ include "kubeflow.katib.controller.tlsCertSecretName" . }} + - name: katib-config + configMap: + name: {{ include "kubeflow.katib.controller.configMapName" . }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrole.yaml new file mode 100644 index 00000000..80c75812 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrole.yaml 
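Review bot: The katib controller container in katib/controller/deployment.yaml has no `securityContext` and no `resources`, although the centraldashboard Deployment in this same diff templates both. This pod mounts the webhook TLS key and runs under a ServiceAccount whose ClusterRole can read and patch Secrets cluster-wide, so it is the workload where a restrictive context matters most. I would add a container-level block with at least `allowPrivilegeEscalation: false` and dropped capabilities, and `runAsNonRoot: true` if the image supports it, which needs checking. It should be exposed through values in the same way the dashboard template does, alongside a `resources:` stanza. The hunk spans two physical lines of this page, and the first-line guard lacks `| eq "true"`.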
@@ -0,0 +1,133 @@ +{{- if (include "kubeflow.katib.enabled" . | eq "true") -}} +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "kubeflow.katib.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.controller.mainClusterRoleName" . }} +rules: + - apiGroups: + - "" + resources: + - services + verbs: + - "get" + - "list" + - "watch" + - "create" + - "delete" + - apiGroups: + - "" + resources: + - events + verbs: + - "create" + - "patch" + - "update" + - apiGroups: + - "" + resources: + - serviceaccounts + - persistentvolumes + - persistentvolumeclaims + verbs: + - "get" + - "list" + - "watch" + - "create" + - apiGroups: + - "" + resources: + - namespaces + - configmaps + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - "get" + - apiGroups: + - "" + resources: + - secrets + verbs: + - "get" + - "list" + - "watch" + - "patch" + - apiGroups: + - apps + resources: + - deployments + verbs: + - "get" + - "list" + - "watch" + - "create" + - "delete" + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - "get" + - "create" + - "list" + - "watch" + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - "get" + - "list" + - "watch" + - "create" + - "delete" + - apiGroups: + - kubeflow.org + resources: + - tfjobs + - pytorchjobs + - mpijobs + - xgboostjobs + - mxjobs + verbs: + - "get" + - "list" + - "watch" + - "create" + - "delete" + - apiGroups: + - kubeflow.org + resources: + - experiments + - experiments/status + - experiments/finalizers + - trials + - trials/status + - trials/finalizers + - suggestions + - suggestions/status + - suggestions/finalizers + verbs: + - "*" + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - "get" + - "watch" + - "list" + - "patch" +{{- end }} \ No newline at end of 
file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrolebinding.yaml new file mode 100644 index 00000000..7603b5e2 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if (include "kubeflow.katib.enabled" . | eq "true") -}} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "kubeflow.katib.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.controller.mainClusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.katib.controller.mainClusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.katib.controller.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/serviceaccount.yaml new file mode 100644 index 00000000..0aac5e86 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/serviceaccount.yaml @@ -0,0 +1,18 @@ +{{- if (include "kubeflow.katib.enabled" . | eq "true") -}} +{{- if (include "kubeflow.katib.controller.createServiceAccount" . | eq "true") -}} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.katib.controller.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} + labels: + {{- include "kubeflow.katib.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.controller.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/service.yaml new file mode 100644 index 00000000..00ec19fd --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/service.yaml @@ -0,0 +1,30 @@ +{{- if (include "kubeflow.katib.enabled" . | eq "true") -}} +{{- if (include "kubeflow.katib.controller.enabled" . | eq "true") -}} +--- +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.katib.controller.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.katib.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.controller.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - name: webhook + port: {{ .Values.katib.controller.service.webhook.port }} + targetPort: {{ .Values.katib.controller.service.webhook.targetPort }} + protocol: TCP + - name: metrics + port: {{ .Values.katib.controller.service.metrics.port }} + targetPort: {{ .Values.katib.controller.service.metrics.targetPort }} + - name: healthz + port: {{ .Values.katib.controller.service.healthz.port }} + targetPort: {{ .Values.katib.controller.service.healthz.targetPort }} + selector: + {{- include "kubeflow.katib.controller.selectorLabels" . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/trial-templates.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/trial-templates.yaml new file mode 100644 index 00000000..b4a64e9a --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/trial-templates.yaml 
@@ -0,0 +1,80 @@ +{{- if (include "kubeflow.katib.enabled" .) -}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: trial-templates + namespace: kubeflow + labels: + katib.kubeflow.org/component: trial-templates +data: + defaultTrialTemplate.yaml: |- + apiVersion: batch/v1 + kind: Job + spec: + template: + spec: + containers: + - name: training-container + image: docker.io/kubeflowkatib/pytorch-mnist-cpu:v0.17.0 + command: + - "python3" + - "/opt/pytorch-mnist/mnist.py" + - "--epochs=1" + - "--batch-size=16" + - "--lr=${trialParameters.learningRate}" + - "--momentum=${trialParameters.momentum}" + restartPolicy: Never + # For ConfigMap templates double quotes must set in commands to correct parse JSON parameters in Trial Template (e.g nn_config, architecture) + enasCPUTemplate: |- + apiVersion: batch/v1 + kind: Job + spec: + template: + spec: + containers: + - name: training-container + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v0.17.0 + command: + - python3 + - -u + - RunTrial.py + - --num_epochs=1 + - "--architecture=\"${trialParameters.neuralNetworkArchitecture}\"" + - "--nn_config=\"${trialParameters.neuralNetworkConfig}\"" + restartPolicy: Never + pytorchJobTemplate: |- + apiVersion: kubeflow.org/v1 + kind: PyTorchJob + spec: + pytorchReplicaSpecs: + Master: + replicas: 1 + restartPolicy: OnFailure + template: + spec: + containers: + - name: pytorch + image: docker.io/kubeflowkatib/pytorch-mnist-cpu:v0.17.0 + command: + - "python3" + - "/opt/pytorch-mnist/mnist.py" + - "--epochs=1" + - "--lr=${trialParameters.learningRate}" + - "--momentum=${trialParameters.momentum}" + Worker: + replicas: 2 + restartPolicy: OnFailure + template: + spec: + containers: + - name: pytorch + image: docker.io/kubeflowkatib/pytorch-mnist-cpu:v0.17.0 + command: + - "python3" + - "/opt/pytorch-mnist/mnist.py" + - "--epochs=1" + - "--lr=${trialParameters.learningRate}" + - "--momentum=${trialParameters.momentum}" + +{{- end }} 
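Review bot: The guard `{{- if (include "kubeflow.katib.enabled" .) -}}` on the first line only tests the helper's output for non-emptiness, while the other Katib templates in this change compare the same helper with `| eq "true"`. If the helper renders the string "false" when Katib is disabled, this ConfigMap is still created, because any non-empty string is truthy in a Go template; I would write `{{- if (include "kubeflow.katib.enabled" . | eq "true") -}}`. The mutating and validating webhook templates use the same bare form on `kubeflow.katib.controller.enabled`, and it matters more there, since a webhook registered without its backing service can block admission. The `namespace: kubeflow` line is also hard-coded where the sibling templates use `namespace: {{ include "kubeflow.namespace" . }}`.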
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.mutating.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.mutating.yaml
new file mode 100644
index 00000000..41508813
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.mutating.yaml
@@ -0,0 +1,67 @@ +{{- if (include "kubeflow.katib.controller.enabled" .) -}} + +{{- $ca := printf "%s/%s" + (include "kubeflow.namespace" .) + (include "kubeflow.katib.controller.certName" .) +-}} + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ $ca }} + labels: + {{- include "kubeflow.katib.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.controller.mutatingWebhook.name" . }} +webhooks: + - name: defaulter.experiment.katib.kubeflow.org + clientConfig: + service: + name: {{ include "kubeflow.katib.controller.svc.name" .}} + namespace: {{ include "kubeflow.namespace" . }} + path: /mutate-experiment + sideEffects: None + admissionReviewVersions: + - v1 + rules: + - apiGroups: + - kubeflow.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - experiments + - name: mutator.pod.katib.kubeflow.org + clientConfig: + service: + name: {{ include "kubeflow.katib.controller.svc.name" .}} + namespace: {{ include "kubeflow.namespace" . }} + path: /mutate-pod + sideEffects: None + admissionReviewVersions: + - v1 + namespaceSelector: + matchLabels: + katib.kubeflow.org/metrics-collector-injection: enabled + # Once the AdmissionWebhookMatchConditions feature gate is enabled by default, we should switch to control based on userInfo. + # REF: + # - AdmissionWebhookMatchConditions: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchconditions + # - Tracking issue: https://github.com/kubeflow/katib/issues/2206 + objectSelector: + matchExpressions: + - key: katib.kubeflow.org/metrics-collector-injection + operator: NotIn + values: + - disabled + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods +{{- end }} 
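Review bot: Neither webhook entry states `failurePolicy` or `timeoutSeconds`, so `mutator.pod.katib.kubeflow.org` takes the admissionregistration.k8s.io/v1 defaults, which fail closed. Pod CREATE in every namespace labelled `katib.kubeflow.org/metrics-collector-injection: enabled` is then rejected whenever the controller service is unreachable. If that is intended, I would make it explicit with `failurePolicy: Fail` and a short `timeoutSeconds: <seconds>` on each entry, plus a comment that the namespace label is what opts a namespace in. If sidecar injection is best-effort, `failurePolicy: Ignore` on the pod mutator is the safer choice for availability.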
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.validating.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.validating.yaml new file mode 100644 index 00000000..0e319962 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.validating.yaml @@ -0,0 +1,36 @@ +{{- if (include "kubeflow.katib.controller.enabled" .) -}} + +{{- $ca := printf "%s/%s" + (include "kubeflow.namespace" .) + (include "kubeflow.katib.controller.certName" .) +-}} + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ $ca }} + labels: + {{- include "kubeflow.katib.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.controller.validatingWebhook.name" . }} +webhooks: + - name: validator.experiment.katib.kubeflow.org + clientConfig: + service: + name: {{ include "kubeflow.katib.controller.svc.name" .}} + namespace: {{ include "kubeflow.namespace" . }} + path: /validate-experiment + sideEffects: None + admissionReviewVersions: + - v1 + rules: + - apiGroups: + - kubeflow.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - experiments +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/deployment.yaml new file mode 100644 index 00000000..e51c77ab --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/deployment.yaml 
@@ -0,0 +1,56 @@ +{{- if (include "kubeflow.katib.dbmanager.enabled" . | eq "true") -}} + + {{- $autoscalingEnabled := include "kubeflow.katib.dbmanager.autoscaling.enabled" . -}} + {{- $replicas := include "kubeflow.katib.dbmanager.autoscaling.minReplicas" . -}} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.katib.dbmanager.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.dbmanager.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.katib.dbmanager.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.katib.dbmanager.selectorLabels" . | nindent 8 }} + {{- with .Values.katib.dbmanager.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: {{ include "kubeflow.katib.dbmanager.baseName" . }} + image: {{ include "kubeflow.katib.dbmanager.image" . }} # docker.io/kubeflowkatib/katib-db-manager + env: + {{- include "kubeflow.katib.dbmanager.config.db.driver.env.spec" . | nindent 12 }} + {{- include "kubeflow.katib.dbmanager.config.db.host.env.spec" . | nindent 12 }} + {{- include "kubeflow.katib.dbmanager.config.db.port.env.spec" . | nindent 12 }} + {{- include "kubeflow.katib.dbmanager.config.db.databaseName.env.spec" . | nindent 12 }} + {{- include "kubeflow.katib.dbmanager.config.db.user.env.spec" . | nindent 12 }} + {{- include "kubeflow.katib.dbmanager.config.db.password.env.spec" . | nindent 12 }} + command: + - "./katib-db-manager" + ports: + - name: api + containerPort: 6789 + livenessProbe: + grpc: + port: 6789 + initialDelaySeconds: 10 + periodSeconds: 60 + failureThreshold: 5 + {{- with .Values.katib.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} 
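Review bot: The db-manager container is declared without a `securityContext` or `resources`, so it runs with the runtime's default privileges and no limits while holding the database credentials injected by the `...db.password.env.spec` helper. I would add a restrictive container `securityContext` as sketched below; whether the image already runs as a non-root user needs confirming before `runAsNonRoot` is enabled. The Katib UI and kserve-models-web-app Deployments later in this change have the same omission. Separately, this template is gated on `kubeflow.katib.dbmanager.enabled` alone, while its Service also checks `kubeflow.katib.enabled`.

```yaml
      containers:
        # … unchanged: name, image, env, command, ports, livenessProbe …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```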
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/service.yaml new file mode 100644 index 00000000..61c101d9 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/service.yaml @@ -0,0 +1,24 @@ +{{- if (include "kubeflow.katib.enabled" . | eq "true") -}} +{{- if (include "kubeflow.katib.dbmanager.enabled" . | eq "true") -}} +--- +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.katib.dbmanager.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.katib.dbmanager.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.dbmanager.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + type: {{ .Values.katib.dbmanager.service.type }} + ports: + - port: 6789 + protocol: TCP + name: api + selector: + {{- include "kubeflow.katib.dbmanager.selectorLabels" . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/authorizationpolicy.yaml new file mode 100644 index 00000000..eec5f552 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/authorizationpolicy.yaml 
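Review bot: `type: {{ .Values.katib.dbmanager.service.type }}` lets a values override turn the db-manager gRPC port 6789 into a NodePort or LoadBalancer, whereas the Katib UI Service in this change pins `type: ClusterIP`. No AuthorizationPolicy or other access control for db-manager appears in the part of the change I can see, so I would pin `type: ClusterIP` here as well. Failing that, a comment on the values key should say the API is meant for in-cluster callers only.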
@@ -0,0 +1,22 @@ +{{- if (include "kubeflow.katib.ui.createIstioIntegrationObjects" .) -}} + +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + labels: + {{- include "kubeflow.katib.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.ui.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selector: + matchLabels: + {{- include "kubeflow.katib.ui.selectorLabels" . | nindent 6 }} + rules: + - from: + - source: + namespaces: + # in upstream this is directly the istio-ingressgateway service account + # apps/katib/upstream/installs/katib-with-kubeflow/istio-authorizationpolicy.yaml + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/deployment.yaml new file mode 100644 index 00000000..247aa719 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/deployment.yaml 
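Review bot: The rule admits any workload in `{{ .Values.istioIntegration.ingressGatewayNamespace }}`, which is broader than the upstream policy that the in-file comment says names the istio-ingressgateway service account directly. Anything else scheduled into that namespace can reach the Katib UI as if it were the gateway, so I would match on identity instead: `principals: ["cluster.local/ns/{{ .Values.istioIntegration.ingressGatewayNamespace }}/sa/<ingress-gateway-service-account>"]`, with the service-account name taken from a values key. The policy also omits `action:`; it defaults to ALLOW, but the kserve-models-web-app policy in this change states `action: ALLOW` explicitly and has the same namespace-wide source, so both should be aligned.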
@@ -0,0 +1,52 @@ +{{- if (include "kubeflow.katib.enabled" . | eq "true") -}} +{{- if (include "kubeflow.katib.ui.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.katib.ui.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.katib.ui.autoscaling.minReplicas" . -}} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.katib.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.ui.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.katib.ui.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.katib.ui.selectorLabels" . | nindent 8 }} + {{- with .Values.katib.ui.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: {{ include "kubeflow.katib.ui.baseName" . }} + image: {{ include "kubeflow.katib.ui.image" . }} # kubeflowkatib/katib-ui + command: + - "./katib-ui" + args: + - "--port=8080" + env: + - name: KATIB_CORE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: APP_DISABLE_AUTH + value: 'false' + ports: + - name: ui + containerPort: 8080 + serviceAccountName: {{ include "kubeflow.katib.ui.serviceAccountName" . }} + +{{- end }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrole.yaml new file mode 100644 index 00000000..684b80da --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrole.yaml 
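Review bot: The UI pod spec has no `imagePullSecrets`, although the db-manager Deployment in this change renders `.Values.katib.imagePullSecrets`. With a private registry the UI image pull would then fail while db-manager succeeds. I would add the same block after `serviceAccountName`: `{{- with .Values.katib.imagePullSecrets }}`, `imagePullSecrets:`, `{{- toYaml . | nindent 8 }}`, closed with `{{- end }}`. A one-line comment next to `APP_DISABLE_AUTH` saying it is deliberately pinned to `'false'` would also help the next reader.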
@@ -0,0 +1,44 @@ +{{- if (include "kubeflow.katib.enabled" . | eq "true") -}} +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "kubeflow.katib.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.ui.mainClusterRoleName" . }} +rules: + - apiGroups: + - "" + resources: + - configmaps + - namespaces + verbs: + - "*" + - apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - "*" + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + # the following only in multi-user mode + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrolebinding.yaml new file mode 100644 index 00000000..03faad7d --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if (include "kubeflow.katib.enabled" . | eq "true") -}} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "kubeflow.katib.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.ui.mainClusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.katib.ui.mainClusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.katib.ui.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/serviceaccount.yaml new file mode 100644 index 00000000..5539ff04 --- /dev/null 
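Review bot: The first rule grants `verbs: ["*"]` on `configmaps` and `namespaces` in the core API group through a ClusterRole, so the Katib UI service account can create, modify and delete every ConfigMap and Namespace in the cluster. A compromise of the UI pod or its token therefore reaches well beyond Katib. I would replace `"*"` with the explicit verbs the UI uses, for example `get` and `list` on `namespaces`, and keep write verbs on `configmaps` only if the UI has to edit trial templates; the exact set needs confirming against the UI. The wildcard on `experiments`, `trials` and `suggestions` could likewise be spelled out as in the `kubeflow-katib-edit` role. This role and its binding are gated on `kubeflow.katib.enabled` rather than `kubeflow.katib.ui.enabled`, so they are created even when the UI is not deployed.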
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if (include "kubeflow.katib.enabled" . | eq "true") -}} +{{- if (include "kubeflow.katib.ui.createServiceAccount" . | eq "true") -}} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.katib.ui.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} + labels: + {{- include "kubeflow.katib.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.ui.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/service.yaml new file mode 100644 index 00000000..e90780e9 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/service.yaml @@ -0,0 +1,25 @@ +{{- if (include "kubeflow.katib.enabled" . | eq "true") -}} +{{- if (include "kubeflow.katib.ui.enabled" . | eq "true") -}} +--- +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.katib.ui.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.katib.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.ui.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + type: ClusterIP + ports: + - port: 80 + protocol: TCP + name: ui + targetPort: 8080 + selector: + {{- include "kubeflow.katib.ui.selectorLabels" . | nindent 4 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/virtualservice.yaml new file mode 100644 index 00000000..e55ca465 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/virtualservice.yaml 
@@ -0,0 +1,38 @@ +{{- if (include "kubeflow.katib.ui.createIstioIntegrationObjects" .) -}} + +# apps/katib/upstream/installs/katib-with-kubeflow/ui-virtual-service.yaml + +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + labels: + {{- include "kubeflow.katib.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.ui.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + gateways: + - {{ .Values.katib.istioIntegration.gateway.name }} + hosts: + - '*' + http: + - match: + - uri: + prefix: {{ .Values.katib.urlPrefix }} # upstream contains trailing forward slash + rewrite: + uri: {{ .Values.katib.urlPrefix }} # upstream contains trailing forward slash + route: + - destination: + host: {{ include "kubeflow.katib.ui.svc.fqdn" . }} + port: + number: 80 + # maybe we don't need this... + headers: + request: + add: + x-forwarded-prefix: {{ .Values.katib.urlPrefix }} + Tracing-Context: {{ include "kubeflow.katib.ui.baseName" . }} + response: + add: + Tracing-Context: {{ include "kubeflow.katib.ui.baseName" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-admin.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-admin.yaml new file mode 100644 index 00000000..6b2c6d1c --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-admin.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.katib.adminClusterRoleName" . }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + {{- include "kubeflow.katib.adminClusterRoleLabel" . | nindent 8 }} +rules: [] 
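Review bot: The gateway reference `- {{ .Values.katib.istioIntegration.gateway.name }}` is a bare name read from a `katib.`-scoped values key, whereas the kserve-models-web-app VirtualService in this change uses `{{ include "kubeflow.namespace" . }}/{{ .Values.istioIntegration.gateway.name }}`. A gateway name without a namespace resolves in the VirtualService's own namespace, and if the `katib.istioIntegration` key is unset the entry renders empty. I would use the namespaced form consistently. The `# maybe we don't need this...` comment above `headers:` should be resolved, either by removing the block or by stating which component reads `x-forwarded-prefix` and `Tracing-Context`.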
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-edit.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-edit.yaml new file mode 100644 index 00000000..5d0abdb0 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-edit.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.katib.adminClusterRoleLabel" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.katib.editClusterRoleName" . }} +rules: + - apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-view.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-view.yaml new file mode 100644 index 00000000..c82d58f9 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-view.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kubeflowRoles.kubernetesViewRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.katib.viewClusterRoleName" . }} +rules: + - apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - get + - list + - watch 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.authrizationpolicies.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.authrizationpolicies.yaml new file mode 100644 index 00000000..d9ac47bc --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.authrizationpolicies.yaml @@ -0,0 +1,41 @@ +{{- if (include "kubeflow.knativeIntegration.createIstioIntegrationObjects" .) }} +--- +{{ include "istio.authorizationPolicy" (dict + "name" "activator-service" + "namespace" .Values.knativeIntegration.knativeServing.namespace + "action" "ALLOW" + "labels" (dict "app" "activator")) +}} + +--- +{{ include "istio.authorizationPolicy" (dict + "name" "autoscaler" + "namespace" .Values.knativeIntegration.knativeServing.namespace + "action" "ALLOW" + "labels" (dict "app" "autoscaler")) +}} + +--- +{{ include "istio.authorizationPolicy" (dict + "name" "controller" + "namespace" .Values.knativeIntegration.knativeServing.namespace + "action" "ALLOW" + "labels" (dict "app" "controller")) +}} + +--- +{{ include "istio.authorizationPolicy" (dict + "name" "istio-webhook" + "namespace" .Values.knativeIntegration.knativeServing.namespace + "action" "ALLOW" + "labels" (dict "app" "net-istio-webhook")) +}} + +--- +{{ include "istio.authorizationPolicy" (dict + "name" "webhook" + "namespace" .Values.knativeIntegration.knativeServing.namespace + "action" "ALLOW" + "labels" (dict "role" "webhook")) +}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.destinationrules.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.destinationrules.yaml new file mode 100644 index 00000000..7bd24f81 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.destinationrules.yaml 
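Review bot: Each of the five `istio.authorizationPolicy` calls passes only `name`, `namespace`, `action` and `labels`, with no source or rule restriction, and the helper's body is not visible here. If it renders an ALLOW policy with an empty rule, the Knative activator, autoscaler, controller and both webhooks accept traffic from any workload in the mesh. I would add a comment at the top of the file stating what the helper emits when no rules are given and why that is acceptable for these components, or pass an explicit rule set. The file name `istio.authrizationpolicies.yaml` is also misspelled and should be `istio.authorizationpolicies.yaml`.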
@@ -0,0 +1,16 @@
+{{/*
+DestinationRule for mTLS
+*/}}
+{{- if (include "kubeflow.knativeIntegration.createIstioIntegrationObjects" .) }}
+
+apiVersion: "networking.istio.io/v1alpha3"
+kind: DestinationRule
+metadata:
+ name: knative
+ namespace: {{ .Values.knativeIntegration.knativeServing.namespace }}
+spec:
+ host: "*.{{ .Values.knativeIntegration.knativeServing.namespace }}.svc.cluster.local"
+ trafficPolicy:
+ tls:
+ mode: ISTIO_MUTUAL
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.eventing.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.eventing.yaml
new file mode 100644
index 00000000..9722fdf8
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.eventing.yaml
@@ -0,0 +1,11 @@
+{{- if (include "kubeflow.knativeIntegration.knativeEventing.enabled" .) }}
+
+apiVersion: operator.knative.dev/v1beta1
+kind: KnativeEventing
+metadata:
+ name: {{ .Values.knativeIntegration.knativeEventing.name }}
+ namespace: {{ .Values.knativeIntegration.knativeEventing.namespace }}
+spec:
+ {{- toYaml .Values.knativeIntegration.knativeEventing.operatorSpec | nindent 2 -}}
+{{- end }}
+
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.serving.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.serving.yaml
new file mode 100644
index 00000000..b9dac742
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.serving.yaml
@@ -0,0 +1,10 @@ +{{- if (include "kubeflow.knativeIntegration.knativeServing.enabled" .) }} + +apiVersion: operator.knative.dev/v1beta1 +kind: KnativeServing +metadata: + name: {{ .Values.knativeIntegration.knativeServing.name }} + namespace: {{ .Values.knativeIntegration.knativeServing.namespace }} +spec: + {{- toYaml .Values.knativeIntegration.knativeServing.operatorSpec | nindent 2 -}} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/authorizationpolicy.yaml new file mode 100644 index 00000000..35f11e40 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/authorizationpolicy.yaml @@ -0,0 +1,21 @@ +{{- if (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true") -}} + +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + labels: + {{- include "kubeflow.kserveModelsWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.kserveModelsWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + action: ALLOW + selector: + matchLabels: + {{- include "kubeflow.kserveModelsWebApp.selectorLabels" . | nindent 6 }} + rules: + - from: + - source: + namespaces: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role-binding.yaml new file mode 100644 index 00000000..186102bf --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role-binding.yaml 
@@ -0,0 +1,18 @@ +{{- if (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kubeflow.kserveModelsWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.kserveModelsWebApp.mainClusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.kserveModelsWebApp.mainClusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.kserveModelsWebApp.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role.yaml new file mode 100644 index 00000000..1b8c7b14 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role.yaml @@ -0,0 +1,55 @@ +{{- if (include "kubeflow.kserveModelsWebApp.rbac.createRole" . | eq "true" ) -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kserveModelsWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.kserveModelsWebApp.mainClusterRoleName" . }} +rules: +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - "" + resources: + - namespaces + - pods + - pods/log + - events + verbs: + - get + - list +- apiGroups: + - serving.kserve.io + resources: + - inferenceservices + - inferenceservices/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - serving.knative.dev + resources: + - services + - services/status + - routes + - routes/status + - configurations + - configurations/status + - revisions + - revisions/status + verbs: + - get + - list + +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cm.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cm.yaml
new file mode 100644
index 00000000..a7e27018
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cm.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true" ) -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "kubeflow.kserveModelsWebApp.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.kserveModelsWebApp.configMapName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+data:
+ APP_DISABLE_AUTH: "True"
+ USERID_HEADER: {{ .Values.auth.userHeaderName | quote }}
+ APP_PREFIX: "{{ .Values.kserveModelsWebApp.config.urlPrefix }}"
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/deployment.yaml
new file mode 100644
index 00000000..b1bbe6ef
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/deployment.yaml
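Review bot: `APP_DISABLE_AUTH: "True"` is hard-coded in the ConfigMap, although the same file sets `USERID_HEADER` and the web app's ClusterRole in this change grants `create` on `subjectaccessreviews`, both of which only make sense when per-user authorization is on. The ClusterRole also grants cluster-wide `get`/`list` on `pods/log` and full write access to `inferenceservices`. If the flag behaves as its name suggests, any user who reaches the app through the gateway acts with those rights in every namespace rather than only in their own profile. I would ship `APP_DISABLE_AUTH: "False"`, as the Katib UI Deployment does with `'false'`, and expose the flag as a values key only if a single-user install really needs it off.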
@@ -0,0 +1,79 @@ +{{- if (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.kserveModelsWebApp.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.kserveModelsWebApp.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kubeflow.kserveModelsWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.kserveModelsWebApp.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.kserveModelsWebApp.selectorLabels" . | nindent 8 }} + + spec: + containers: + - image: {{ include "kubeflow.kserveModelsWebApp.image" . }} + imagePullPolicy: {{ include "kubeflow.kserveModelsWebApp.imagePullPolicy" . }} + name: {{ include "kubeflow.kserveModelsWebApp.baseName" . }} + {{- with .Values.kserveModelsWebApp.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ include "kubeflow.kserveModelsWebApp.configMapName" . }} + ports: + - containerPort: 5000 + name: http + livenessProbe: + httpGet: + path: /healthz/liveness + port: http + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + readinessProbe: + httpGet: + path: /healthz/readiness + port: http + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + serviceAccountName: {{ include "kubeflow.kserveModelsWebApp.serviceAccountName" . }} + {{- with include "kubeflow.kserveModelsWebApp.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.kserveModelsWebApp.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.kserveModelsWebApp.affinity" . }} + affinity: + {{- . 
| nindent 8 }} + {{- end }} + + {{- with include "kubeflow.kserveModelsWebApp.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service-account.yaml new file mode 100644 index 00000000..2ac59c06 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service-account.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.kserveModelsWebApp.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.kserveModelsWebApp.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.kserveModelsWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.kserveModelsWebApp.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service.yaml new file mode 100644 index 00000000..8a30246e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service.yaml 
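Review bot: The container reads its settings through `envFrom.configMapRef`, but the pod template carries no annotation derived from the ConfigMap, so a later change to `APP_DISABLE_AUTH` or `USERID_HEADER` does not roll the pods. The old auth setting then stays in effect until something else restarts them. I would add under `template.metadata` the lines `annotations:` and `checksum/config: {{ include (print $.Template.BasePath "/kserve-models-web-app/cm.yaml") . | sha256sum }}`. The Deployment's own `metadata` also lacks the `kubeflow.kserveModelsWebApp.labels` block that the Service, ServiceAccount and ConfigMap carry, and the container has no `securityContext`.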
@@ -0,0 +1,24 @@ +{{- if (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.kserveModelsWebApp.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.kserveModelsWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.kserveModelsWebApp.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 5000 + selector: + {{- include "kubeflow.kserveModelsWebApp.selectorLabels" . | nindent 4 }} + type: {{ .Values.kserveModelsWebApp.service.type }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/virtual-service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/virtual-service.yaml new file mode 100644 index 00000000..b93c6adf --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/virtual-service.yaml @@ -0,0 +1,25 @@ +{{- if (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true") -}} + +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: {{ include "kubeflow.kserveModelsWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + gateways: + - {{ include "kubeflow.namespace" . }}/{{ .Values.istioIntegration.gateway.name }} + hosts: + - '*' + http: + - match: + - uri: + prefix: {{ .Values.kserveModelsWebApp.config.urlPrefix }}/ + rewrite: + uri: / + route: + - destination: + host: {{ include "kubeflow.kserveModelsWebApp.svc.name" . }}.{{ include "kubeflow.namespace" . }}.svc.cluster.local + port: + number: 80 + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-pipelines-roles.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-pipelines-roles.yaml new file mode 100644 index 00000000..e8c8ae55 --- /dev/null 
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-pipelines-roles.yaml 
@@ -0,0 +1,146 @@ +# NOTE: IMPORTANT +# We need to separate out actual rules from aggregation rules due to +# https://github.com/kubernetes/kubernetes/issues/65171 +# TL;DR: We can't have both aggregation and rules in a [Cluster]Role. When that +# is the case, the rules get ignored. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleName" . }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + {{- include "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleLabel" . | nindent 6 }} +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleLabel" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.kubeflowRoles.kubeflowPipelinesViewRoleName" . }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + {{- include "kubeflow.kubeflowRoles.kubeflowPipelinesViewRoleLabel" . | nindent 6 }} +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.kubeflowRoles.aggregateToKubeflowPipelinesEditRoleName" . 
}} +rules: +- apiGroups: + - pipelines.kubeflow.org + resources: + - pipelines + - pipelines/versions + verbs: + - create + - delete + - update +- apiGroups: + - pipelines.kubeflow.org + resources: + - experiments + verbs: + - archive + - create + - delete + - unarchive +- apiGroups: + - pipelines.kubeflow.org + resources: + - runs + verbs: + - archive + - create + - delete + - retry + - terminate + - unarchive + - reportMetrics + - readArtifact +- apiGroups: + - pipelines.kubeflow.org + resources: + - jobs + verbs: + - create + - delete + - disable + - enable +- apiGroups: + - kubeflow.org + verbs: + - '*' + resources: + - scheduledworkflows +- apiGroups: + - argoproj.io + verbs: + - '*' + resources: + - cronworkflows + - cronworkflows/finalizers + - workflows + - workflows/finalizers + - workfloweventbindings + - workflowtemplates + - workflowtaskresults + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowPipelinesViewRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.kubeflowRoles.aggregateToKubeflowPipelinesViewRoleName" . }} +rules: +- apiGroups: + - pipelines.kubeflow.org + resources: + - pipelines + - pipelines/versions + - experiments + - jobs + verbs: + - get + - list +- apiGroups: + - pipelines.kubeflow.org + resources: + - runs + verbs: + - get + - list + - readArtifact +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - delete +- apiGroups: + - pipelines.kubeflow.org + resources: + - visualizations + verbs: + - create diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-roles.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-roles.yaml new file mode 100644 index 00000000..80486ba8 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-roles.yaml 
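Review bot: The aggregate-to-edit ClusterRole grants `verbs: ['*']` on `kubeflow.org` `scheduledworkflows` and on the `argoproj.io` workflow resources, while every other rule in kubeflow-pipelines-roles.yaml enumerates its verbs. A wildcard also covers any verb added to those APIs later, and since a Workflow object names the service account its pods run under, write access to `workflows` is effectively pod-creation rights in the bound namespace. I would list the verbs explicitly (`create`, `delete`, `deletecollection`, `get`, `list`, `patch`, `update`, `watch`) so the grant is reviewable. Separately, the aggregate-to-view role grants `create` and `delete` on `viewers` and `create` on `visualizations`; a one-line comment saying why a view role needs write verbs would help the next reviewer.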
@@ -0,0 +1,43 @@ +# TODO: these roles should only be added in MULTIUSER mode. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }} + name: {{ include "kubeflow.kubeflowRoles.kubeflowAdminRoleName" . }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 6 }} +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.kubeflowRoles.kubeflowEditRoleName" . }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 6 }} +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.kubeflowRoles.kubeflowViewRoleName" . }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 6 }} +rules: [] diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubernetes-roles.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubernetes-roles.yaml new file mode 100644 index 00000000..cce4366b --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubernetes-roles.yaml 
@@ -0,0 +1,296 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.kubeflowRoles.kubernetesAdminRoleName" . }} +rules: +- apiGroups: + - authorization.k8s.io + resources: + - localsubjectaccessreviews + verbs: + - create +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.kubeflowRoles.kubernetesEditRoleName" . }} +rules: +- apiGroups: + - "" + resources: + - pods/attach + - pods/exec + - pods/portforward + - pods/proxy + - secrets + - services/proxy + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - impersonate +- apiGroups: + - "" + resources: + - pods + - pods/attach + - pods/exec + - pods/portforward + - pods/proxy + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - replicationcontrollers + - replicationcontrollers/scale + - secrets + - serviceaccounts + - services + - services/proxy + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - apps + resources: + - daemonsets + - deployments + - deployments/rollback + - deployments/scale + - replicasets + - replicasets/scale + - statefulsets + - statefulsets/scale + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - 
delete + - deletecollection + - patch + - update +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - extensions + resources: + - daemonsets + - deployments + - deployments/rollback + - deployments/scale + - ingresses + - networkpolicies + - replicasets + - replicasets/scale + - replicationcontrollers/scale + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - create + - delete + - deletecollection + - patch + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.kubeflowRoles.kubernetesViewRoleName" . 
}} +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - persistentvolumeclaims/status + - pods + - replicationcontrollers + - replicationcontrollers/scale + - serviceaccounts + - services + - services/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - bindings + - events + - limitranges + - namespaces/status + - pods/log + - pods/status + - replicationcontrollers/status + - resourcequotas + - resourcequotas/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - controllerrevisions + - daemonsets + - daemonsets/status + - deployments + - deployments/scale + - deployments/status + - replicasets + - replicasets/scale + - replicasets/status + - statefulsets + - statefulsets/scale + - statefulsets/status + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + - horizontalpodautoscalers/status + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - cronjobs/status + - jobs + - jobs/status + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - daemonsets + - daemonsets/status + - deployments + - deployments/scale + - deployments/status + - ingresses + - ingresses/status + - networkpolicies + - replicasets + - replicasets/scale + - replicasets/status + - replicationcontrollers/scale + verbs: + - get + - list + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + - poddisruptionbudgets/status + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingresses/status + - networkpolicies + verbs: + - get + - list + - watch 
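Review bot: The edit ClusterRole in kubernetes-roles.yaml combines `get`/`list`/`watch` on `secrets`, `impersonate` on `serviceaccounts` and write access to `pods/exec`, which together let a holder read every credential and act as any service account in the namespace where the role is bound. That mirrors the built-in Kubernetes `edit` role, but nothing in the file says these ClusterRoles are meant to be granted through a namespaced RoleBinding only; bound with a ClusterRoleBinding, the same rules apply to every namespace, including the control-plane ones. I would add a header comment such as `# Bind with a RoleBinding in a profile namespace only; never with a ClusterRoleBinding.`. The `extensions` rules for daemonsets, deployments, replicasets, ingresses and networkpolicies refer to API versions that current Kubernetes releases no longer serve and could be dropped.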
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/authorizationpolicy.yaml
new file mode 100644
index 00000000..582fd634
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/authorizationpolicy.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.modelRegistry.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.modelRegistry.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ action: ALLOW
+ selector:
+ matchLabels:
+ {{- include "kubeflow.modelRegistry.selectorLabels" . | nindent 6 }}
+ rules:
+ - {}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/cm.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/cm.yaml
new file mode 100644
index 00000000..49178724
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/cm.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.modelRegistry.enabled" . | eq "true" ) -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.modelRegistry.configMapName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+data:
+ MODEL_REGISTRY_REST_SERVICE_HOST: "{{ include "kubeflow.modelRegistry.svc.name" . }}"
+ MODEL_REGISTRY_REST_SERVICE_PORT: "{{ .Values.modelRegistry.service.restPort }}"
+ MODEL_REGISTRY_GRPC_SERVICE_HOST: "{{ include "kubeflow.modelRegistry.svc.name" . }}"
+ MODEL_REGISTRY_GRPC_SERVICE_PORT: "{{ .Values.modelRegistry.service.grpcPort }}"
+
+{{- end }}
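Review bot: In model-registry/authorizationpolicy.yaml the single rule `- {}` under `action: ALLOW` matches every request, so the policy admits any source, authenticated or not, to every port of the model-registry workload. Together with the VirtualService in this commit, which publishes the REST prefix on the gateway for host `*`, the only access control left is whatever the gateway itself enforces. I would restrict the rule to the namespaces expected to call the registry; the sketch below reuses values the network policies in this chart already reference, and profile namespaces would have to be added if notebooks are meant to reach the registry directly. `source.namespaces` only matches peers authenticated with mutual TLS, so this depends on the mesh running mTLS for this workload, which the hunk does not show.

```yaml
spec:
  action: ALLOW
  # … unchanged: selector …
  rules:
  - from:
    - source:
        namespaces:
        - {{ .Values.istioIntegration.ingressGatewayNamespace }}
        - {{ include "kubeflow.namespace" . }}
```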
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/deployment.yaml
new file mode 100644
index 00000000..8580d239
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/deployment.yaml
@@ -0,0 +1,156 @@ +{{- if (include "kubeflow.modelRegistry.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.modelRegistry.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.modelRegistry.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }} + name: {{ include "kubeflow.modelRegistry.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.modelRegistry.selectorLabels" . | nindent 6 }} + + template: + metadata: + {{- with .Values.modelRegistry.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "kubeflow.modelRegistry.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: rest-container + image: {{ include "kubeflow.modelRegistry.rest.image" . }} + imagePullPolicy: {{ include "kubeflow.modelRegistry.rest.imagePullPolicy" . }} + + command: + - /model-registry + - proxy + args: + - --hostname=0.0.0.0 + - --port=$(MODEL_REGISTRY_REST_SERVICE_PORT) + - --mlmd-hostname=localhost + - --mlmd-port=$(MODEL_REGISTRY_GRPC_SERVICE_PORT) + + envFrom: + - configMapRef: + name: {{ include "kubeflow.modelRegistry.configMapName" . }} + + ports: + - name: http-api + containerPort: {{ .Values.modelRegistry.service.restPort }} + + livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 5 + tcpSocket: + port: http-api + timeoutSeconds: 2 + readinessProbe: + initialDelaySeconds: 3 + periodSeconds: 5 + tcpSocket: + port: http-api + timeoutSeconds: 2 + + {{- with .Values.modelRegistry.rest.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.modelRegistry.rest.containerSecurityContext" . }} + securityContext: + {{- . 
| nindent 10 }} + {{- end }} + + - name: grpc-container + image: {{ include "kubeflow.modelRegistry.grpc.image" . }} + imagePullPolicy: {{ include "kubeflow.modelRegistry.grpc.imagePullPolicy" . }} + + command: + - /bin/metadata_store_server + args: + - "--grpc_port=$(MODEL_REGISTRY_GRPC_SERVICE_PORT)" + - "--mysql_config_user=$({{ include "kubeflow.modelRegistry.config.db.user.env.name" . }})" + - "--mysql_config_password=$({{ include "kubeflow.modelRegistry.config.db.password.env.name" . }})" + - "--mysql_config_host=$({{ include "kubeflow.modelRegistry.config.db.host.env.name" . }})" + - "--mysql_config_port=$({{ include "kubeflow.modelRegistry.config.db.port.env.name" . }})" + - "--mysql_config_database=$({{ include "kubeflow.modelRegistry.config.db.dbName.env.name" . }})" + + env: + {{- include "kubeflow.modelRegistry.config.db.user.env.spec" . | nindent 10 }} + {{- include "kubeflow.modelRegistry.config.db.password.env.spec" . | nindent 10 }} + {{- include "kubeflow.modelRegistry.config.db.host.env.spec" . | nindent 10 }} + {{- include "kubeflow.modelRegistry.config.db.port.env.spec" . | nindent 10 }} + {{- include "kubeflow.modelRegistry.config.db.dbName.env.spec" . | nindent 10 }} + + envFrom: + - configMapRef: + name: {{ include "kubeflow.modelRegistry.configMapName" . }} + + ports: + - name: grpc-api + containerPort: {{ .Values.modelRegistry.service.grpcPort }} + + livenessProbe: + tcpSocket: + port: grpc-api + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + readinessProbe: + tcpSocket: + port: grpc-api + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + + {{- with .Values.modelRegistry.grpc.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.modelRegistry.grpc.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.modelRegistry.serviceAccountName" . }} + + {{- with include "kubeflow.modelRegistry.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.modelRegistry.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.modelRegistry.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.modelRegistry.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/destinationrule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/destinationrule.yaml new file mode 100644 index 00000000..80efb127 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/destinationrule.yaml @@ -0,0 +1,16 @@ +{{- if (include "kubeflow.modelRegistry.createIstioIntegrationObjects" .) -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + labels: + {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }} + name: {{ include "kubeflow.modelRegistry.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + host: {{ include "kubeflow.modelRegistry.svc.fqdn" . }} + trafficPolicy: + tls: + mode: ISTIO_MUTUAL + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/hpa.yaml new file mode 100644 index 00000000..cc2e572f --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/hpa.yaml 
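Review bot: In model-registry/deployment.yaml the grpc-container passes the database password as `--mysql_config_password=$(…)`; the variable is expanded before the process starts, so the clear-text password ends up in the process arguments, where it is readable through `/proc/<pid>/cmdline` by anything sharing the PID namespace or having node access, and where it tends to surface in process listings and crash reports. Taking the value from `env` is fine; it is the copy in argv that widens the exposure. If the metadata store server in this image can read its connection settings from a file (ML Metadata has a `--metadata_store_server_config_file` option, to be confirmed for this version), mounting the credentials from the Secret as a file would avoid that. Failing that, a comment next to the argument recording the accepted risk, e.g. `# password is visible in argv; tracked in <ticket placeholder>`, would at least document it.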
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.modelRegistry.autoscaling.enabled" . | eq "true") -}}
+
+{{- $componentName := include "kubeflow.modelRegistry.name" . -}}
+{{- $minReplicas := include "kubeflow.modelRegistry.autoscaling.minReplicas" . -}}
+{{- $maxReplicas := include "kubeflow.modelRegistry.autoscaling.maxReplicas" . -}}
+{{- $targetCPUUtilizationPercentage := include "kubeflow.modelRegistry.autoscaling.targetCPUUtilizationPercentage" . -}}
+{{- $targetMemoryUtilizationPercentage := include "kubeflow.modelRegistry.autoscaling.targetMemoryUtilizationPercentage" . -}}
+
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ labels:
+ {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }}
+ name: {{ $componentName }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ $componentName }}
+ minReplicas: {{ $minReplicas }}
+ maxReplicas: {{ $maxReplicas }}
+ metrics:
+ {{- if $targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ $targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if $targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/poddisruptionbudget.yaml
new file mode 100644
index 00000000..2e0e639c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/poddisruptionbudget.yaml
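Review bot: The HorizontalPodAutoscaler in model-registry/hpa.yaml uses `apiVersion: autoscaling/v2beta1` with its `targetAverageUtilization` field; that API version is no longer served from Kubernetes 1.25 on, so on current clusters enabling autoscaling makes the release fail to install. `autoscaling/v2` expresses the same targets with a `target` block, as sketched below. When both percentage helpers render empty, `metrics:` is emitted with no entries; whether that can happen depends on the helper defaults, which are outside this hunk.

```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
# … unchanged: metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
  {{- if $targetCPUUtilizationPercentage }}
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: {{ $targetCPUUtilizationPercentage }}
  {{- end }}
  # … memory metric: same `target` block with $targetMemoryUtilizationPercentage …
```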
@@ -0,0 +1,18 @@ +{{- if (include "kubeflow.modelRegistry.pdb.create" . | eq "true") -}} + +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }} + name: {{ include "kubeflow.modelRegistry.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selector: + matchLabels: + {{- include "kubeflow.modelRegistry.selectorLabels" . | nindent 6 }} + {{- with (include "kubeflow.modelRegistry.pdb.values" .) }} + {{- . | nindent 2 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/service.yaml new file mode 100644 index 00000000..b241a303 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/service.yaml @@ -0,0 +1,29 @@ +{{- if (include "kubeflow.modelRegistry.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.modelRegistry.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }} + name: {{ include "kubeflow.modelRegistry.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - port: {{ .Values.modelRegistry.service.restPort }} + protocol: TCP + appProtocol: http + name: http-api + - port: {{ .Values.modelRegistry.service.grpcPort }} + protocol: TCP + appProtocol: grpc + name: grpc-api + selector: + {{- include "kubeflow.modelRegistry.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.modelRegistry.service.type }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/serviceaccount.yaml new file mode 100644 index 00000000..92c609b7 --- /dev/null 
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.modelRegistry.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.modelRegistry.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} + labels: + {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }} + name: {{ include "kubeflow.modelRegistry.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/virtualservice.yaml new file mode 100644 index 00000000..4364dfa2 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/virtualservice.yaml @@ -0,0 +1,36 @@ +{{- if (include "kubeflow.modelRegistry.createIstioIntegrationObjects" .) -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }} + name: {{ include "kubeflow.modelRegistry.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + gateways: + - {{ .Values.istioIntegration.gateway.name }} + hosts: + - '*' + http: + - match: + - uri: + prefix: {{ .Values.modelRegistry.config.rest.urlPrefix }} + route: + - destination: + host: {{ include "kubeflow.modelRegistry.svc.fqdn" . }} + port: + number: {{ .Values.modelRegistry.service.restPort }} + - match: + - port: {{ .Values.modelRegistry.service.grpcPort }} + - authority: + regex: {{ include "kubeflow.modelRegistry.svc.name" . }}(\..+)?(:{{ .Values.modelRegistry.service.grpcPort }})? + - uri: + prefix: {{ .Values.modelRegistry.config.grpc.urlPrefix }} + route: + - destination: + host: {{ include "kubeflow.modelRegistry.svc.fqdn" . }} + port: + number: {{ .Values.modelRegistry.service.grpcPort }} + +{{- end }} 
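Review bot: In model-registry/virtualservice.yaml `gateways:` lists only `{{ .Values.istioIntegration.gateway.name }}`, whereas the kserve models web app VirtualService in this commit uses `{{ include "kubeflow.namespace" . }}/{{ .Values.istioIntegration.gateway.name }}`. A bare gateway name is resolved in the VirtualService's own namespace, so the two agree only while the gateway lives there; using the qualified form in both keeps them consistent. The three entries under the second `match:` are alternatives rather than a conjunction, so a request on the gRPC port, or with the matching authority, or with the gRPC prefix is routed to the registry; if all three were meant to hold together they belong in one list entry. The `regex:` value is also unquoted, and quoting it would keep the YAML robust whatever the service name renders to.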
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/admission-webhook.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/admission-webhook.yaml
new file mode 100644
index 00000000..8a080b19
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/admission-webhook.yaml
@@ -0,0 +1,30 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+{{/*
+Admission Webhook is also known as PodDefaults.
+*/}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.admissionWebhook.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ podSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - {{ include "kubeflow.admissionWebhook.name" . }} # mutating webhook
+ # https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html
+ # The kubernetes api server must reach the webhook
+ ingress:
+ - ports:
+ - protocol: TCP
+ port: {{ .Values.admissionWebhook.service.targetPort }}
+ policyTypes:
+ - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/centraldashboard.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/centraldashboard.yaml
new file mode 100644
index 00000000..319ae42c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/centraldashboard.yaml
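Review bot: The guard `{{- if (include "kubeflow.networkPolicies.enabled" .) -}}` in networkpolicies/admission-webhook.yaml tests the helper's output for non-emptiness, while the component templates in this commit compare with `| eq "true"`. If the helper renders the text `false` rather than an empty string, the condition is still true and the policies are created regardless of the setting; the helper body is outside this diff section, so this needs checking against `_helpers`. The same bare form guards every file under networkpolicies/ and the model-registry Istio objects (`kubeflow.modelRegistry.createIstioIntegrationObjects`), where a wrongly true guard would render Istio resources on a cluster that may not have the CRDs. Using `| eq "true"` everywhere, or documenting that these two helpers return an empty string when disabled, would remove the ambiguity.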
@@ -0,0 +1,29 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.centraldashboard.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ podSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - {{ include "kubeflow.centraldashboard.name" . }}
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchExpressions:
+ - key: kubernetes.io/metadata.name
+ operator: In
+ values:
+ - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+ - podSelector: {}
+ policyTypes:
+ - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/default-allow-same-namespace.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/default-allow-same-namespace.yaml
new file mode 100644
index 00000000..2f4a76a2
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/default-allow-same-namespace.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+ name: default-allow-same-namespace
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ podSelector: {}
+ ingress:
+ - from:
+ - podSelector: {}
+ policyTypes:
+ - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-controller.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-controller.yaml
new file mode 100644
index 00000000..56749591
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-controller.yaml
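Review bot: default-allow-same-namespace.yaml selects every pod in the namespace and lists only `Ingress`, which makes it the implicit default-deny for traffic from other namespaces while leaving all pod-to-pod traffic inside the namespace and all egress unrestricted; none of that is stated in the file. I would add a template comment such as `{{/* Selecting all pods isolates the namespace for ingress; per-component policies only add cross-namespace sources. Egress is not restricted. */}}`. Because network policies are additive, the `- podSelector: {}` peers in the centraldashboard policy and in katib-db-manager.yaml are redundant with this one. It also means a compromised component in the namespace can still reach every other component there; if that is not intended, the per-component policies need explicit peers and this policy has to go.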
@@ -0,0 +1,33 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.katib.controller.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ podSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - {{ include "kubeflow.katib.name" . }}
+ - key: app.kubernetes.io/subcomponent
+ operator: In
+ values:
+ - {{ include "kubeflow.katib.controller.name" . }}
+ # https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html
+ # The kubernetes api server must reach the webhook
+ ingress:
+ - ports: # webhook
+ - protocol: TCP
+ port: {{ .Values.katib.controller.service.webhook.targetPort }}
+ - ports: # metrics
+ - protocol: TCP
+ port: {{ .Values.katib.controller.service.metrics.targetPort }}
+ policyTypes:
+ - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-db-manager.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-db-manager.yaml
new file mode 100644
index 00000000..8b0ceff7
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-db-manager.yaml
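Review bot: Both ingress rules in katib-controller.yaml have `ports` but no `from`, so the webhook port and the metrics port accept connections from any pod in any namespace, and from outside the pod network wherever that is routable. For the webhook this is the usual compromise, because the API server's source address generally cannot be selected, and the comment says so; the metrics port has no such constraint. I would give the metrics rule a `from` with a `namespaceSelector` on `kubernetes.io/metadata.name` for the namespace that runs the scraper (placeholder: `<monitoring-namespace>`), in the same form katib-ui.yaml uses for the gateway namespace. The missing `from` in admission-webhook.yaml is covered by the same webhook reasoning and needs no change.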
@@ -0,0 +1,34 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.dbmanager.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + # the metrics loggers write directly to this database + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.katib.name" . }} + - key: app.kubernetes.io/subcomponent + operator: In + values: + - {{ include "kubeflow.katib.dbmanager.name" . }} + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - kubeflow-profile + - podSelector: {} # allow all pods from the same namespace + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-ui.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-ui.yaml new file mode 100644 index 00000000..3d1ce28b --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-ui.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.katib.ui.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.katib.name" . }} + - key: app.kubernetes.io/subcomponent + operator: In + values: + - {{ include "kubeflow.katib.ui.name" . }} + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/kserve-models-web-app.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/kserve-models-web-app.yaml new file mode 100644 index 00000000..e10a2f6d --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/kserve-models-web-app.yaml @@ -0,0 +1,28 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.kserveModelsWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.kserveModelsWebApp.name" . }} + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + policyTypes: + - Ingress + +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-apiserver.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-apiserver.yaml new file mode 100644 index 00000000..7cbd166a --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-apiserver.yaml @@ -0,0 +1,38 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.mlPipeline.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.pipelines.name" . }} + - key: app.kubernetes.io/subcomponent + operator: In + values: + - {{ include "kubeflow.pipelines.mlPipeline.name" . }} + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - kubeflow-profile + - namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-cache.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-cache.yaml new file mode 100644 index 00000000..59c8c7e5 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-cache.yaml 
@@ -0,0 +1,30 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.cache.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.pipelines.name" . }} + - key: app.kubernetes.io/subcomponent + operator: In + values: + - {{ include "kubeflow.pipelines.cache.name" . }} # mutating webhook + # https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html + # The kubernetes api server must reach the webhook + ingress: + - ports: + - protocol: TCP + port: {{ .Values.pipelines.cache.service.targetPort }} + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-envoy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-envoy.yaml new file mode 100644 index 00000000..0c0d70c5 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-envoy.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataEnvoy.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.pipelines.name" . }} + - key: app.kubernetes.io/subcomponent + operator: In + values: + - {{ include "kubeflow.pipelines.metadataEnvoy.name" . }} + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + - podSelector: {} + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-grpc-server.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-grpc-server.yaml new file mode 100644 index 00000000..b589b84a --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-grpc-server.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataGrpcServer.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.pipelines.name" . }} + - key: app.kubernetes.io/subcomponent + operator: In + values: + - {{ include "kubeflow.pipelines.metadataGrpcServer.name" . }} + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - kubeflow-profile + - podSelector: {} # allow all pods from the same namespace + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-ui.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-ui.yaml new file mode 100644 index 00000000..f3a15c20 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-ui.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.ui.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.pipelines.name" . }} + - key: app.kubernetes.io/subcomponent + operator: In + values: + - {{ include "kubeflow.pipelines.ui.name" . }} + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/model-registry.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/model-registry.yaml new file mode 100644 index 00000000..6de89019 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/model-registry.yaml 
@@ -0,0 +1,39 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.modelRegistry.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.modelRegistry.name" . }} + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - kubeflow-profile + - namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + ports: + - port: {{ .Values.modelRegistry.service.restPort }} + protocol: TCP + - port: {{ .Values.modelRegistry.service.grpcPort }} + protocol: TCP + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-jupyter-web-app.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-jupyter-web-app.yaml new file mode 100644 index 00000000..cec14c84 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-jupyter-web-app.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.notebooks.name" . }} + - key: app.kubernetes.io/subcomponent + operator: In + values: + - {{ include "kubeflow.notebooks.jupyterWebApp.name" . }} + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + - podSelector: {} + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-pvcviewer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-pvcviewer.yaml new file mode 100644 index 00000000..2d2cbec1 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-pvcviewer.yaml 
@@ -0,0 +1,30 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.notebooks.name" . }} + - key: app.kubernetes.io/subcomponent + operator: In + values: + - {{ include "kubeflow.notebooks.pvcviewerController.name" . }} + # https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html + # The kubernetes api server must reach the webhook + ingress: + - ports: + - protocol: TCP + port: {{ include "kubeflow.notebooks.pvcviewerController.webhook.port" . }} + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-volumes-web-app.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-volumes-web-app.yaml new file mode 100644 index 00000000..f6cc2989 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-volumes-web-app.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.notebooks.name" . }} + - key: app.kubernetes.io/subcomponent + operator: In + values: + - {{ include "kubeflow.notebooks.volumesWebApp.name" . }} + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + - podSelector: {} + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/tensorboards-web-app.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/tensorboards-web-app.yaml new file mode 100644 index 00000000..2d82dfb6 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/tensorboards-web-app.yaml 
@@ -0,0 +1,35 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.tensorboard.name" . }} + - key: app.kubernetes.io/subcomponent + operator: In + values: + - {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }} + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + ports: + - protocol: TCP + port: {{ .Values.tensorboard.tensorboardsWebApp.service.targetPort }} + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/training-operator-webhook.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/training-operator-webhook.yaml new file mode 100644 index 00000000..63f8914f --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/training-operator-webhook.yaml 
@@ -0,0 +1,26 @@ +{{- if (include "kubeflow.networkPolicies.enabled" .) -}} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }} + name: {{ include "kubeflow.trainingOperator.name" . }}-webhook + namespace: {{ include "kubeflow.namespace" . }} +spec: + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "kubeflow.trainingOperator.name" . }} + # https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html + # The kubernetes api server must reach the webhook + ingress: + - ports: + - protocol: TCP + port: {{ include "kubeflow.notebooks.pvcviewerController.webhook.port" . }} + policyTypes: + - Ingress + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/deployment.yaml new file mode 100644 index 00000000..e3d4808b --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/deployment.yaml 
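Review bot: The webhook rule takes its port from `kubeflow.notebooks.pvcviewerController.webhook.port`, the helper the notebooks-pvcviewer policy uses, so the training operator policy opens whatever port the PVC viewer webhook is configured with. If the two webhooks listen on different ports, the API server is blocked from the training operator webhook once this policy selects the pods, and an unrelated port is opened instead. The line should read the training operator's own webhook port, `port: {{ <training-operator webhook port helper or value> }}` (placeholder; the right name is not visible in this diff). The `podSelector` also matches on `app.kubernetes.io/component` alone, so the rule applies to every pod carrying the training operator component label.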
@@ -0,0 +1,71 @@ +{{- if (include "kubeflow.notebooks.controller.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.notebooks.controller.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.notebooks.controller.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.controller.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.notebooks.controller.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.notebooks.controller.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: {{ include "kubeflow.notebooks.controller.baseName" . }} + image: {{ include "kubeflow.notebooks.controller.image" . }} + imagePullPolicy: {{ include "kubeflow.notebooks.controller.imagePullPolicy" . }} + + command: + - /manager + + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + + env: + - name: USE_ISTIO + value: {{ .Values.istioIntegration.enabled | quote }} + - name: ISTIO_GATEWAY + value: {{ include "kubeflow.namespace" . 
}}/{{ .Values.istioIntegration.gateway.name }} + - name: ISTIO_HOST + value: "*" + - name: CLUSTER_DOMAIN + value: {{ .Values.clusterDomain }} + - name: ENABLE_CULLING + value: {{ .Values.notebooks.controller.config.culling.enabled | quote }} + - name: CULL_IDLE_TIME + value: {{ .Values.notebooks.controller.config.culling.idleTimeMinutes | quote }} + - name: IDLENESS_CHECK_PERIOD + value: {{ .Values.notebooks.controller.config.culling.idleCheckPeriodMinutes | quote }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kubeflow.notebooks.controller.serviceAccountName" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrole.main.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrole.main.yaml new file mode 100644 index 00000000..4eabbe6e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrole.main.yaml @@ -0,0 +1,55 @@ +{{- if (include "kubeflow.notebooks.controller.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.controller.mainClusterRoleName" . }} +rules: +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - notebooks/status + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' + +{{- end }} \ No newline at end of file 
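Review bot: The container spec for the notebooks controller sets no `securityContext` and no `resources`, so the manager runs with the runtime's default privileges and unbounded CPU and memory. A restrictive container `securityContext` is proposed below; `runAsNonRoot: true` assumes the controller image declares a non-root user, which should be checked before merging. Resource requests and limits would best come from chart values, which this hunk does not show. `CLUSTER_DOMAIN` is also rendered without `| quote`, unlike the other env values.

```yaml
        - name: {{ include "kubeflow.notebooks.controller.baseName" . }}
          # … unchanged: image, imagePullPolicy, command, probes, env …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```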
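Review bot: Four rules in this ClusterRole use `verbs: '*'` (statefulsets, services, notebooks with their subresources, virtualservices), and the role is bound with a ClusterRoleBinding in the next file, so the controller's service account gets every verb on all StatefulSets and Services in every namespace, including any verb added to those APIs later. Listing the verbs the reconciler uses keeps the grant auditable, for example `verbs: [get, list, watch, create, update, patch, delete]`. The exact set needs confirming against the controller code, which is not part of this diff.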
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrolebinding.main.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrolebinding.main.yaml new file mode 100644 index 00000000..ae2b88a2 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrolebinding.main.yaml @@ -0,0 +1,18 @@ +{{- if (include "kubeflow.notebooks.controller.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.controller.mainClusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.notebooks.controller.mainClusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.notebooks.controller.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterroles.user.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterroles.user.yaml new file mode 100644 index 00000000..fba2a5b4 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterroles.user.yaml 
@@ -0,0 +1,62 @@ +{{- if (include "kubeflow.notebooks.controller.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.controller.kfNbAdminClusterRoleName" . }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + {{- include "kubeflow.notebooks.controller.kfNbAdminClusterRoleLabel" . | nindent 6 }} +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }} + {{- include "kubeflow.notebooks.controller.kfNbAdminClusterRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.controller.kfNbEditClusterRoleName" . }} +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.controller.kfNbViewClusterRoleName" . }} +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/role.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/role.leader-election.yaml new file mode 100644 index 00000000..d25471a0 --- /dev/null 
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/role.leader-election.yaml @@ -0,0 +1,38 @@ +{{- if (include "kubeflow.notebooks.controller.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.controller.leaderElectionRoleName" . }} + namespace: {{ include "kubeflow.namespace" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/rolebinding.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/rolebinding.leader-election.yaml new file mode 100644 index 00000000..484fdae7 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/rolebinding.leader-election.yaml @@ -0,0 +1,19 @@ +{{- if (include "kubeflow.notebooks.controller.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.controller.leaderElectionRoleBindingName" . }} + namespace: {{ include "kubeflow.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kubeflow.notebooks.controller.leaderElectionRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.notebooks.controller.serviceAccountName" .}} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file 
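Review bot: The first rule of the leader-election Role grants get, list, watch, create, update, patch and delete on all `configmaps` in the chart namespace, which is more than a leader-election lock needs and presumably covers the ConfigMaps of the other components installed there. The get, update, patch and delete verbs can move to their own rule limited with `resourceNames: [<leader-election lock name>]` (placeholder; the lock name is not visible here), leaving `create` unrestricted because `resourceNames` cannot match a create request. It is also worth confirming which lock type the manager uses: if it locks on Leases, this role would need a `coordination.k8s.io` `leases` rule and the ConfigMap rule could go.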
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/serviceaccount.yaml new file mode 100644 index 00000000..b70de3c9 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.notebooks.controller.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.notebooks.controller.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} + labels: + {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.controller.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/service.yaml new file mode 100644 index 00000000..a691d5b4 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/service.yaml @@ -0,0 +1,22 @@ +{{- if (include "kubeflow.notebooks.controller.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.notebooks.controller.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.controller.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - port: 443 + selector: + {{- include "kubeflow.notebooks.controller.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.notebooks.controller.service.type }} + +{{- end }} \ No newline at end of file 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/NOTES.txt b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/NOTES.txt new file mode 100644 index 00000000..2e8a9be5 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/NOTES.txt @@ -0,0 +1 @@ +The Role and RoleBinding were not added because of https://github.com/kubeflow/manifests/issues/2601 diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.extAuth.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.extAuth.yaml new file mode 100644 index 00000000..0a119299 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.extAuth.yaml @@ -0,0 +1,29 @@ +{{- if and + (include "kubeflow.notebooks.jupyterWebApp.createIstioIntegrationObjects" . | eq "true") + (include "kubeflow.istioIntegration.authorizationMode.granular" . | eq "true") +-}} + +# NOTE: this AuthorizationPolicy forces traffic through ext authz http extension +# so we don't have to provide configuration to allow traffic only from +# istio-ingressgateway. The .spec.rules.to.operations.notPaths is configured for +# CloudFlare integration and allows only static, non-secret assets to be +# accessible without the Istio Auth. + +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.authorizationPolicyExtAuthName" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + action: CUSTOM + provider: + name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }} + rules: + - {} + selector: + matchLabels: + {{- include "kubeflow.notebooks.jupyterWebApp.selectorLabels" . | nindent 6 }} + +{{- end }} \ No newline at end of file 
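Review bot: The header comment of authorizationpolicy.extAuth.yaml says `.spec.rules.to.operations.notPaths` exempts static assets for the CloudFlare integration, but the policy body is `rules: - {}`, which matches every request and has no `notPaths`. As written, all traffic to the jupyter web app pods is sent to the external authorizer, so the comment describes exemptions that do not exist in this template. Either drop that sentence, e.g. `# NOTE: this AuthorizationPolicy sends every request through the ext authz http extension provider.`, or add the `to.operation.notPaths` rule it refers to.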
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.yaml new file mode 100644 index 00000000..8e35226b --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.yaml @@ -0,0 +1,20 @@ +{{- if (include "kubeflow.notebooks.jupyterWebApp.createIstioIntegrationObjects" .) -}} + +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selector: + matchLabels: + {{- include "kubeflow.notebooks.jupyterWebApp.selectorLabels" . | nindent 6 }} + rules: + - from: + - source: + namespaces: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role-binding.yaml new file mode 100644 index 00000000..aabda11d --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role-binding.yaml 
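Review bot: The guard `{{- if (include "kubeflow.notebooks.jupyterWebApp.createIstioIntegrationObjects" .) -}}` tests the helper's output for non-emptiness, while the extAuth policy for the same app compares it with `| eq "true"`. If the helper renders the string `false` when integration is off, which the other usage suggests, this template still renders, because any non-empty string is truthy in a Go template. Writing the guard as `{{- if (include "kubeflow.notebooks.jupyterWebApp.createIstioIntegrationObjects" . | eq "true") -}}` makes the two consistent. Separately, the `source.namespaces` match relies on mutual TLS between the gateway and the workload; a short comment stating that dependency would help operators who relax mTLS.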
@@ -0,0 +1,18 @@ +{{- if (include "kubeflow.notebooks.jupyterWebApp.rbac.createRoles" . | eq "true" ) -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.mainClusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.notebooks.jupyterWebApp.mainClusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.notebooks.jupyterWebApp.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role.yaml new file mode 100644 index 00000000..c80c7615 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role.yaml 
@@ -0,0 +1,123 @@ +{{- if (include "kubeflow.notebooks.jupyterWebApp.rbac.createRoles" . | eq "true" ) -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.mainClusterRoleName" . }} +rules: +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list +- apiGroups: + - "" + resources: + - events + - nodes + verbs: + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - list + - get + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.kfNbUiAdminClusterRoleName" . }} +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.kfNbUiEditClusterRoleName" . }} +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . 
| nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.kfNbUiViewClusterRoleName" . }} +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.logos.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.logos.yaml new file mode 100644 index 00000000..14a24039 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.logos.yaml 
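Review bot: The first ClusterRole in cluster-role.yaml grants `get`/`list` on `pods/log`, `list` on `nodes` and `create`/`delete` on `persistentvolumeclaims` with no namespace scope, and cluster-role-binding.yaml binds it cluster-wide to the web app's service account. Per-user limits therefore rest on checks the app performs itself (presumably through the `subjectaccessreviews` `create` rule), and those in turn depend on the identity header configured in deployment.yaml being set only by the gateway. I would document that above `rules:`, for example `# Cluster-wide by design: each request is authorized with a SubjectAccessReview for the user named in USERID_HEADER`, so that a later edit does not widen the verbs without revisiting the assumption.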
@@ -0,0 +1,229 @@ +{{- if (include "kubeflow.notebooks.jupyterWebApp.logos.createConfigMap" . | eq "true" ) -}} + +{{- $jupyterIconSvg := .Values.notebooks.jupyterWebApp.logos.icons.jupyterIconSvg -}} +{{- $jupyterLabLogoSvg := .Values.notebooks.jupyterWebApp.logos.icons.jupyterLabLogoSvg -}} +{{- $groupOneLogoSvg := .Values.notebooks.jupyterWebApp.logos.icons.groupOneLogoSvg -}} +{{- $groupOneIconSvg := .Values.notebooks.jupyterWebApp.logos.icons.groupOneIconSvg -}} +{{- $groupTwoIconSvg := .Values.notebooks.jupyterWebApp.logos.icons.groupTwoIconSvg -}} +{{- $groupTwoLogoSvg := .Values.notebooks.jupyterWebApp.logos.icons.groupTwoLogoSvg -}} + +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.logos.configMapName" . }} + namespace: {{ include "kubeflow.namespace" . }} +data: + jupyter-icon.svg: | + {{- if $jupyterIconSvg }} + {{- $jupyterIconSvg | nindent 4 }} + {{ else }} + + Created using Figma 0.90 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + {{- end }} + jupyterlab-logo.svg: | + {{- if $jupyterLabLogoSvg }} + {{- $jupyterLabLogoSvg | nindent 4 }} + {{ else }} + + + + + + {{- end }} + group-one-icon.svg: |- + {{- if $groupOneIconSvg }} + {{- $groupOneIconSvg | nindent 4 }} + {{ else }} + + + + + + + + + {{- end }} + group-one-logo.svg: |- + {{- if $groupOneLogoSvg }} + {{- $groupOneLogoSvg | nindent 4 }} + {{ else }} + + + + + + + + + {{- end }} + group-two-icon.svg: |- + {{- if $groupTwoIconSvg }} + {{- $groupTwoIconSvg | nindent 4 }} + {{ else }} + + + + + + + + + {{- end }} + group-two-logo.svg: |- + {{- if $groupTwoLogoSvg }} + {{- $groupTwoLogoSvg | nindent 4 }} + {{ else }} + + + + + + + + + {{- end }} + +{{- end }} \ No newline at end of file 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.spawner-ui.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.spawner-ui.yaml new file mode 100644 index 00000000..cd1f6210 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.spawner-ui.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true" ) -}} + +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.spawnerUI.configMapName" . }} + namespace: {{ include "kubeflow.namespace" . }} +data: + spawner_ui_config.yaml: | + spawnerFormDefaults: + {{- toYaml .Values.notebooks.jupyterWebApp.spawnerFormDefaults | nindent 6 }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/deployment.yaml new file mode 100644 index 00000000..265a30ba --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/deployment.yaml 
@@ -0,0 +1,100 @@ +{{- if (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.notebooks.jupyterWebApp.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.notebooks.jupyterWebApp.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.notebooks.jupyterWebApp.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: {{ include "kubeflow.notebooks.jupyterWebApp.baseName" . }} + image: {{ include "kubeflow.notebooks.jupyterWebApp.image" . }} + imagePullPolicy: {{ include "kubeflow.notebooks.jupyterWebApp.imagePullPolicy" . }} + + ports: + - containerPort: 5000 + protocol: TCP + + {{- with .Values.notebooks.jupyterWebApp.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + volumeMounts: + - mountPath: /etc/config + name: config-volume + - mountPath: /src/apps/default/static/assets/logos + name: logos-volume + + env: + - name: APP_PREFIX + value: {{ .Values.notebooks.jupyterWebApp.urlPrefix }} + - name: UI + value: {{ .Values.notebooks.jupyterWebApp.uiFlavor }} + - name: USERID_HEADER + value: {{ .Values.auth.userHeaderName | quote }} + - name: USERID_PREFIX + value: {{ .Values.auth.userIdPrefix | quote }} + - name: APP_SECURE_COOKIES + value: {{ .Values.notebooks.jupyterWebApp.secureCookies | quote }} + + {{- with include "kubeflow.notebooks.jupyterWebApp.containerSecurityContext" . }} + securityContext: + {{- . 
| nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.notebooks.jupyterWebApp.serviceAccountName" . }} + + volumes: + - name: config-volume + configMap: + name: {{ include "kubeflow.notebooks.jupyterWebApp.spawnerUI.configMapName" . }} + - name: logos-volume + configMap: + name: {{ include "kubeflow.notebooks.jupyterWebApp.logos.configMapName" . }} + + {{- with include "kubeflow.notebooks.jupyterWebApp.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.notebooks.jupyterWebApp.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.notebooks.jupyterWebApp.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.notebooks.jupyterWebApp.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/destination-rule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/destination-rule.yaml new file mode 100644 index 00000000..14497016 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/destination-rule.yaml @@ -0,0 +1,16 @@ +{{- if (include "kubeflow.notebooks.jupyterWebApp.createIstioIntegrationObjects" . | eq "true") -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + host: {{ include "kubeflow.notebooks.jupyterWebApp.svc.fqdn" . }} + trafficPolicy: + tls: + mode: ISTIO_MUTUAL + +{{- end }} \ No newline at end of file 
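Review bot: In deployment.yaml, `APP_PREFIX` and `UI` are rendered unquoted (`value: {{ .Values.notebooks.jupyterWebApp.urlPrefix }}`), unlike the three variables below them, so a value that YAML reads as a boolean or number, or one containing `: ` or ` #`, produces a manifest the API server rejects or a truncated string. Pipe both through `quote`: `value: {{ .Values.notebooks.jupyterWebApp.urlPrefix | quote }}` and `value: {{ .Values.notebooks.jupyterWebApp.uiFlavor | quote }}`. Note also that the container `securityContext` is emitted only when the helper returns something, so whether the pod gets `allowPrivilegeEscalation: false` and `runAsNonRoot: true` depends on defaults that are not visible in this hunk.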
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/hpa.yaml
new file mode 100644
index 00000000..1d82eb32
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/hpa.yaml
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.autoscaling.enabled" . | eq "true") -}}
+
+{{- $componentName := include "kubeflow.notebooks.jupyterWebApp.name" . -}}
+{{- $minReplicas := include "kubeflow.notebooks.jupyterWebApp.autoscaling.minReplicas" . -}}
+{{- $maxReplicas := include "kubeflow.notebooks.jupyterWebApp.autoscaling.maxReplicas" . -}}
+{{- $targetCPUUtilizationPercentage := include "kubeflow.notebooks.jupyterWebApp.autoscaling.targetCPUUtilizationPercentage" . -}}
+{{- $targetMemoryUtilizationPercentage := include "kubeflow.notebooks.jupyterWebApp.autoscaling.targetMemoryUtilizationPercentage" . -}}
+
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ labels:
+ {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+ name: {{ $componentName }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ $componentName }}
+ minReplicas: {{ $minReplicas }}
+ maxReplicas: {{ $maxReplicas }}
+ metrics:
+ {{- if $targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ $targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if $targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/poddisruptionbudget.yaml
new file mode 100644
index 00000000..e7552b06
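Review bot: `apiVersion: autoscaling/v2beta1` in hpa.yaml is no longer served from Kubernetes 1.25 onward, so enabling autoscaling for the web app makes the release fail on current clusters. The `targetAverageUtilization` field belongs to that old API and has to become a `target` block under `autoscaling/v2`. When neither percentage is set, `metrics:` renders with no entries, so the guard at the top could also require at least one of the two targets.

```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
# … unchanged: metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
    {{- if $targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ $targetCPUUtilizationPercentage }}
    {{- end }}
    {{- if $targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ $targetMemoryUtilizationPercentage }}
    {{- end }}
```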
--- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/poddisruptionbudget.yaml @@ -0,0 +1,18 @@ +{{- if (include "kubeflow.notebooks.jupyterWebApp.pdb.create" . | eq "true") -}} + +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selector: + matchLabels: + {{- include "kubeflow.notebooks.jupyterWebApp.selectorLabels" . | nindent 6 }} + {{- with (include "kubeflow.notebooks.jupyterWebApp.pdb.values" .) }} + {{- . | nindent 2 }} + {{- end }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service-account.yaml new file mode 100644 index 00000000..1ebeb8c6 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service-account.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.notebooks.jupyterWebApp.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.notebooks.jupyterWebApp.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} + labels: + {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.jupyterWebApp.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service.yaml new file mode 100644 index 00000000..2da61632 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service.yaml 
@@ -0,0 +1,25 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ {{- with .Values.notebooks.jupyterWebApp.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.notebooks.jupyterWebApp.svc.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 5000
+ selector:
+ {{- include "kubeflow.notebooks.jupyterWebApp.selectorLabels" . | nindent 4 }}
+ sessionAffinity: None
+ type: {{ .Values.notebooks.jupyterWebApp.service.type }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/virtual-service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/virtual-service.yaml
new file mode 100644
index 00000000..1010dd08
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/virtual-service.yaml
@@ -0,0 +1,31 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.createIstioIntegrationObjects" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ labels:
+ {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.notebooks.jupyterWebApp.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ gateways:
+ - {{ .Values.istioIntegration.gateway.name }}
+ hosts:
+ - '*'
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.notebooks.jupyterWebApp.urlPrefix }}/
+ rewrite:
+ uri: /
+ route:
+ - destination:
+ host: {{ include "kubeflow.notebooks.jupyterWebApp.svc.fqdn" . }}
+ port:
+ number: 80
+ headers:
+ request:
+ add:
+ x-forwarded-prefix: {{ .Values.notebooks.jupyterWebApp.urlPrefix }}
+
+{{- end }}
\ No newline at end of file
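Review bot: `type: {{ .Values.notebooks.jupyterWebApp.service.type }}` in service.yaml lets an operator choose `NodePort` or `LoadBalancer`, which publishes the plain-HTTP port (80 to 5000) on a path that does not pass through the ingress gateway. deployment.yaml tells the app which request header carries the user id, so a client that reaches the Service directly could presumably supply that header itself; the AuthorizationPolicy only helps when the Istio objects are enabled and a sidecar is injected. Either pin the value with `type: ClusterIP`, or keep it configurable and add above the line `# Keep ClusterIP: the app trusts the user-id header and must only be reachable through the Istio ingress gateway`.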
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.certificate.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.certificate.yaml new file mode 100644 index 00000000..554a67eb --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.certificate.yaml @@ -0,0 +1,21 @@ +{{- if (include "kubeflow.notebooks.pvcviewerController.enabledWithCertManager" . )}} + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.certName" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + dnsNames: + - {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.name" . }} + - {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.addressWithNs" . }} + - {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.addressWithSvc" . }} + - {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.fqdn" . }} + issuerRef: + kind: Issuer + name: {{ include "kubeflow.notebooks.pvcviewerController.certIssuerName" . }} + secretName: {{ include "kubeflow.notebooks.pvcviewerController.tlsCertSecretName" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.issuer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.issuer.yaml new file mode 100644 index 00000000..e52f06f2 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.issuer.yaml 
@@ -0,0 +1,13 @@ +{{- if (include "kubeflow.notebooks.pvcviewerController.enabledWithCertManager" . )}} + +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.certIssuerName" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selfSigned: {} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/deployment.yaml new file mode 100644 index 00000000..5a6e0d6f --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/deployment.yaml 
@@ -0,0 +1,144 @@ +{{- if (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.notebooks.pvcviewerController.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.notebooks.pvcviewerController.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.notebooks.pvcviewerController.selectorLabels" . | nindent 6 }} + + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + traffic.sidecar.istio.io/excludeInboundPorts: {{ include "kubeflow.notebooks.pvcviewerController.webhook.port" . | quote }} + labels: + {{- include "kubeflow.notebooks.pvcviewerController.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: manager + image: {{ include "kubeflow.notebooks.pvcviewerController.manager.image" . }} + imagePullPolicy: {{ include "kubeflow.notebooks.pvcviewerController.manager.imagePullPolicy" . }} + + args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + + ports: + - containerPort: {{ include "kubeflow.notebooks.pvcviewerController.webhook.port" . }} + name: webhook-server + protocol: TCP + + {{- with .Values.notebooks.pvcviewerController.manager.resources }} + resources: + {{- toYaml . 
| nindent 10 }} + {{- end }} + + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + + {{- with include "kubeflow.notebooks.pvcviewerController.manager.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + - name: kube-rbac-proxy + image: {{ include "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.image" . }} + imagePullPolicy: {{ include "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.imagePullPolicy" . }} + + args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + + ports: + - containerPort: 8443 + name: https + protocol: TCP + + {{- with .Values.notebooks.pvcviewerController.kubeRbacProxy.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.notebooks.pvcviewerController.serviceAccountName" . }} + + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: {{ include "kubeflow.notebooks.pvcviewerController.tlsCertSecretName" . }} + + {{- with include "kubeflow.notebooks.pvcviewerController.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.notebooks.pvcviewerController.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.notebooks.pvcviewerController.affinity" . }} + affinity: + {{- . 
| nindent 8 }} + {{- end }} + + {{- with include "kubeflow.notebooks.pvcviewerController.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.notebooks.pvcviewerController.terminationGracePeriodSeconds" . }} + terminationGracePeriodSeconds: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.notebooks.pvcviewerController.securityContext" . }} + securityContext: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.manager.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.manager.yaml new file mode 100644 index 00000000..809a6b34 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.manager.yaml 
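Review bot: The `cert` volume in the pvcviewer-controller deployment mounts the webhook TLS secret with `defaultMode: 420` (octal 0644), which leaves the private key readable by every user inside the pod, including the `kube-rbac-proxy` container's user if that volume is ever mounted there. A tighter value such as `defaultMode: 288` (0440) works when the pod-level `securityContext` helper sets an `fsGroup` matching the manager's group; that helper's output is not visible in this hunk, so confirm it before changing the mode. If the mode has to stay, a comment on the line explaining why would keep it from being read as an oversight.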
@@ -0,0 +1,83 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.notebooks.pvcviewerController.mainClusterRoleName" . }}
+rules:
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - pvcviewers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - pvcviewers/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - pvcviewers/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - networking.istio.io
+ resources:
+ - virtualservices
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.metrics-reader.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.metrics-reader.yaml
new file mode 100644
index 00000000..10061844
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.metrics-reader.yaml
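Review bot: The manager ClusterRole grants `create` and `update` on `deployments`, `services` and `virtualservices` in every namespace, and clusterrolebinding.manager.yaml binds it cluster-wide, so whoever controls this service account can run workloads under any service account in the cluster. The controller presumably needs the scope to place a viewer next to each user's PVC, but the template carries no comment recording that. Add above `rules:` something like `# Cluster-wide on purpose: viewer Deployments/Services/VirtualServices are created in the namespace of each PVCViewer`. None of the three rules includes `delete`, so cleanup must rely on owner references; worth confirming that is intended.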
@@ -0,0 +1,15 @@ +{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.metricsReaderClusterRoleName" . }} +rules: +- nonResourceURLs: + - /metrics + verbs: + - get + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.proxy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.proxy.yaml new file mode 100644 index 00000000..e6dcf396 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.proxy.yaml @@ -0,0 +1,23 @@ +{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.proxyClusterRoleName" . }} +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.manager.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.manager.yaml new file mode 100644 index 00000000..925b08d1 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.manager.yaml 
@@ -0,0 +1,18 @@ +{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.mainClusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.notebooks.pvcviewerController.mainClusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.notebooks.pvcviewerController.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.proxy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.proxy.yaml new file mode 100644 index 00000000..17679fc1 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.proxy.yaml @@ -0,0 +1,18 @@ +{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.proxyClusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.notebooks.pvcviewerController.proxyClusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.notebooks.pvcviewerController.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/role.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/role.leader-election.yaml new file mode 100644 index 00000000..d74e2f93 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/role.leader-election.yaml @@ -0,0 +1,43 @@ +{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.leaderElectionRoleName" . }} + namespace: {{ include "kubeflow.namespace" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/rolebinding.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/rolebinding.leader-election.yaml new file mode 100644 index 00000000..a1dd7ce4 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/rolebinding.leader-election.yaml 
@@ -0,0 +1,19 @@ +{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.leaderElectionRoleBindingName" . }} + namespace: {{ include "kubeflow.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kubeflow.notebooks.pvcviewerController.leaderElectionRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.notebooks.pvcviewerController.serviceAccountName" .}} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_editor_role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_editor_role.yaml new file mode 100644 index 00000000..1c56f01e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_editor_role.yaml @@ -0,0 +1,36 @@ +{{/* +# Permissions for end users to edit pvcviewers. +# Currently not used anywhere. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: pvcviewer-editor-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: pvc-viewer + app.kubernetes.io/part-of: pvc-viewer + app.kubernetes.io/managed-by: kustomize + name: pvcviewer-editor-role +rules: +- apiGroups: + - kubeflow.org + resources: + - pvcviewers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubeflow.org + resources: + - pvcviewers/status + verbs: + - get + +*/}} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_viewer_role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_viewer_role.yaml new file mode 100644 index 00000000..75545786 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_viewer_role.yaml @@ -0,0 +1,32 @@ +{{/* +# Permissions for end users to view pvcviewers. +# Currently not used anywhere. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: pvcviewer-viewer-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: pvc-viewer + app.kubernetes.io/part-of: pvc-viewer + app.kubernetes.io/managed-by: kustomize + name: pvcviewer-viewer-role +rules: +- apiGroups: + - kubeflow.org + resources: + - pvcviewers + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - pvcviewers/status + verbs: + - get + +*/}} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.kube-rbac-proxy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.kube-rbac-proxy.yaml new file mode 100644 index 00000000..895a2baa --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.kube-rbac-proxy.yaml 
@@ -0,0 +1,25 @@ +{{- if (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.notebooks.pvcviewerController.kubeRbacProxy.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + {{- include "kubeflow.notebooks.pvcviewerController.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.notebooks.pvcviewerController.kubeRbacProxy.service.type }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.manager.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.manager.yaml new file mode 100644 index 00000000..8c43a1b1 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.manager.yaml 
@@ -0,0 +1,24 @@ +{{- if (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.notebooks.pvcviewerController.manager.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - port: 443 + protocol: TCP + targetPort: {{ include "kubeflow.notebooks.pvcviewerController.webhook.port" . }} + selector: + {{- include "kubeflow.notebooks.pvcviewerController.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.notebooks.pvcviewerController.manager.service.type }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/serviceaccount.yaml new file mode 100644 index 00000000..20fb9750 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.notebooks.pvcviewerController.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.notebooks.pvcviewerController.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} + labels: + {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.pvcviewerController.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/mutating.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/mutating.yaml
new file mode 100644
index 00000000..e73b3f18
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/mutating.yaml
@@ -0,0 +1,38 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.enabled" .) -}}
+
+{{- $ca := printf "%s/%s"
+ (include "kubeflow.namespace" .)
+ (include "kubeflow.notebooks.pvcviewerController.certName" .)
+-}}
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: {{ $ca }}
+ labels:
+ {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.notebooks.pvcviewerController.mutatingWebhookName" . }}
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.name" .}}
+ namespace: {{ include "kubeflow.namespace" . }}
+ path: /mutate-kubeflow-org-v1alpha1-pvcviewer
+ failurePolicy: Fail
+ name: {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.addressWithSvc" . }}
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pvcviewers
+ sideEffects: None
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/validating.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/validating.yaml
new file mode 100644
index 00000000..2d20fbf1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/validating.yaml
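Review bot: The guard on the first line, `{{- if (include "kubeflow.notebooks.pvcviewerController.enabled" .) -}}`, only tests the helper's output for non-emptiness, while the Service templates for the same controller compare it with `| eq "true"`. If the helper renders the string "false" when the controller is disabled (its definition is not visible here, but the `eq "true"` call sites suggest it), this MutatingWebhookConfiguration is still installed, and with `failurePolicy: Fail` every CREATE/UPDATE of `pvcviewers` would be rejected because no webhook backend exists. I would write `{{- if (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true") -}}`. The same bare guard appears in webhook/validating.yaml and, for `createIstioIntegrationObjects`, in volumes-web-app/authorizationpolicy.yaml.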
@@ -0,0 +1,38 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.enabled" .) -}}
+
+{{- $ca := printf "%s/%s"
+ (include "kubeflow.namespace" .)
+ (include "kubeflow.notebooks.pvcviewerController.certName" .)
+-}}
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: {{ $ca }}
+ labels:
+ {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.notebooks.pvcviewerController.validatingWebhookName" . }}
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.name" .}}
+ namespace: {{ include "kubeflow.namespace" . }}
+ path: /validate-kubeflow-org-v1alpha1-pvcviewer
+ failurePolicy: Fail
+ name: {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.addressWithSvc" . }}
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pvcviewers
+ sideEffects: None
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.extAuth.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.extAuth.yaml
new file mode 100644
index 00000000..6795b4bd
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.extAuth.yaml
@@ -0,0 +1,29 @@
+{{- if and
+ (include "kubeflow.notebooks.volumesWebApp.createIstioIntegrationObjects" . | eq "true")
+ (include "kubeflow.istioIntegration.authorizationMode.granular" . | eq "true")
+-}}
+
+# NOTE: this AuthorizationPolicy forces traffic through ext authz http extension
+# so we don't have to provide configuration to allow traffic only from
+# istio-ingressgateway. The .spec.rules.to.operations.notPaths is configured for
+# CloudFlare integration and allows only static, non-secret assets to be
+# accessible without the Istio Auth.
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.notebooks.volumesWebApp.authorizationPolicyExtAuthName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ action: CUSTOM
+ provider:
+ name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+ rules:
+ - {}
+ selector:
+ matchLabels:
+ {{- include "kubeflow.notebooks.volumesWebApp.selectorLabels" . | nindent 6 }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.yaml
new file mode 100644
index 00000000..5e58d1fe
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.yaml
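Review bot: The NOTE comment says `.spec.rules.to.operations.notPaths` is configured for the CloudFlare integration, but the policy below it has only `rules: - {}`, so no path is exempt and every request to the selected workload is sent to the ext-authz provider. The comment should be corrected so that nobody assumes static assets bypass authentication or that an exemption list needs maintaining, e.g. `# NOTE: the empty rule matches every request, so all traffic to this workload goes through the ext-authz provider.` If a `notPaths` exemption was actually intended, it is missing from this template.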
@@ -0,0 +1,20 @@ +{{- if (include "kubeflow.notebooks.volumesWebApp.createIstioIntegrationObjects" .) -}} + +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + labels: + {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selector: + matchLabels: + {{- include "kubeflow.notebooks.volumesWebApp.selectorLabels" . | nindent 6 }} + rules: + - from: + - source: + namespaces: + - {{ .Values.istioIntegration.ingressGatewayNamespace }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role-binding.yaml new file mode 100644 index 00000000..f653e7d8 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role-binding.yaml @@ -0,0 +1,18 @@ +{{- if (include "kubeflow.notebooks.volumesWebApp.rbac.createRoles" . | eq "true" ) -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.mainClusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.notebooks.volumesWebApp.mainClusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.notebooks.volumesWebApp.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role.yaml new file mode 100644 index 00000000..89e780ee --- /dev/null 
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role.yaml 
@@ -0,0 +1,143 @@ +{{- if (include "kubeflow.notebooks.volumesWebApp.rbac.createRoles" . | eq "true" ) -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.mainClusterRoleName" . }} +rules: +- apiGroups: + - "" + resources: + - namespaces + - pods + verbs: + - get + - list +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - kubeflow.org + resources: + - notebooks + verbs: + - list +- apiGroups: + - kubeflow.org + resources: + - pvcviewers + verbs: + - get + - list + - create + - delete + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.kfVolUiAdminClusterRoleName" . }} +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.kfVolUiEditClusterRoleName" . 
}} +rules: +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - watch + - update + - patch +- apiGroups: + - kubeflow.org + resources: + - pvcviewers + verbs: + - get + - list + - create + - delete + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.kfVolUiViewClusterRoleName" . }} +rules: +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - pvcviewers + verbs: + - get + - list + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cm.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cm.yaml new file mode 100644 index 00000000..66630fa8 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cm.yaml 
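Review bot: The first ClusterRole in this file gives the volumes web app's service account cluster-wide `create`/`delete`/`update`/`patch` on `persistentvolumeclaims` (bound through the ClusterRoleBinding in cluster-role-binding.yaml), and nothing in the template records what keeps that access from being used across namespaces. The `subjectaccessreviews` `create` rule suggests the app checks the calling user's own permissions before each operation, but that is not visible in this hunk. I would add a comment above the first `rules:`, such as `# Cluster-wide PVC write access: the web app acts on behalf of users and is expected to authorize each request via SubjectAccessReview.`, so the reliance on the app-side check is explicit for whoever audits this RBAC.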
@@ -0,0 +1,59 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.enabled" . | eq "true" ) -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.notebooks.volumesWebApp.configMapName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+data:
+ viewer-spec.yaml: |
+ # Note: the volumes-web-app allows expanding strings using ${VAR_NAME}
+ # You may use any environment variable. This lets us e.g. specify images that can be modified using kustomize's image transformer.
+ # Additionally, 'PVC_NAME', 'NAME' and 'NAMESPACE' are defined
+ # Name of the pvc is set by the volumes web app
+ pvc: $NAME
+ podSpec:
+ serviceAccountName: {{ .Values.notebooks.volumesWebApp.config.viewer.serviceAccountName }}
+ containers:
+ - name: main
+ image: {{ include "kubeflow.notebooks.volumesWebApp.viewerImage" . }}
+ env:
+ - name: FB_ADDRESS
+ value: "0.0.0.0"
+ - name: FB_PORT
+ value: "8080"
+ - name: FB_DATABASE
+ value: /tmp/filebrowser.db
+ - name: FB_NOAUTH
+ value: "true"
+ - name: FB_BASEURL
+ value: /pvcviewers/$NAMESPACE/$NAME/
+ readinessProbe:
+ tcpSocket:
+ port: 8080
+ initialDelaySeconds: 2
+ periodSeconds: 10
+ # viewer-volume is provided automatically by the volumes web app
+ volumeMounts:
+ - name: viewer-volume
+ mountPath: /srv
+ workingDir: /srv
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ volumes:
+ - name: viewer-volume
+ persistentVolumeClaim:
+ claimName: $NAME
+ networking:
+ targetPort: 8080
+ basePrefix: "/pvcviewers"
+ rewrite: "/"
+ timeout: 30s
+ rwoScheduling: true
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/deployment.yaml
new file mode 100644
index 00000000..ec0a8c66
--- /dev/null
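Review bot: `FB_NOAUTH` is set to `"true"` and `FB_ADDRESS` to `0.0.0.0` in the viewer pod spec, so the file browser serves the PVC mounted at `/srv` without any login of its own; anything that can reach port 8080 of a viewer pod can read the volume, and presumably write to it, since the mount is not marked read-only. Nothing in this ConfigMap records where access control is supposed to come from. I would add a comment next to the variable, `# FB_NOAUTH: filebrowser does no authentication; access to viewer pods must be restricted by the mesh/network policy in front of them`, and confirm that such a policy covers pods created from this spec. The `securityContext` drops all capabilities but sets neither `runAsNonRoot` nor `readOnlyRootFilesystem`; whether the viewer image tolerates those is not visible here.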
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/deployment.yaml 
@@ -0,0 +1,94 @@ +{{- if (include "kubeflow.notebooks.volumesWebApp.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.notebooks.volumesWebApp.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.notebooks.volumesWebApp.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.notebooks.volumesWebApp.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.notebooks.volumesWebApp.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: {{ include "kubeflow.notebooks.volumesWebApp.baseName" . }} + image: {{ include "kubeflow.notebooks.volumesWebApp.image" . }} + imagePullPolicy: {{ include "kubeflow.notebooks.volumesWebApp.imagePullPolicy" . }} + + ports: + - containerPort: 5000 + protocol: TCP + + {{- with .Values.notebooks.volumesWebApp.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + volumeMounts: + - mountPath: /etc/config/viewer-spec.yaml + name: viewer-spec + subPath: viewer-spec.yaml + + env: + - name: APP_PREFIX + value: {{ .Values.notebooks.volumesWebApp.config.urlPrefix }} + - name: USERID_HEADER + value: {{ .Values.auth.userHeaderName | quote }} + - name: USERID_PREFIX + value: {{ .Values.auth.userIdPrefix | quote }} + - name: APP_SECURE_COOKIES + value: {{ .Values.notebooks.volumesWebApp.config.secureCookies | quote }} + + {{- with include "kubeflow.notebooks.volumesWebApp.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.notebooks.volumesWebApp.serviceAccountName" . }} + + volumes: + - name: viewer-spec + configMap: + name: {{ include "kubeflow.notebooks.volumesWebApp.configMapName" . }} + + {{- with include "kubeflow.notebooks.volumesWebApp.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.notebooks.volumesWebApp.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.notebooks.volumesWebApp.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.notebooks.volumesWebApp.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/destination-rule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/destination-rule.yaml new file mode 100644 index 00000000..a3e276e9 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/destination-rule.yaml @@ -0,0 +1,16 @@ +{{- if (include "kubeflow.notebooks.volumesWebApp.createIstioIntegrationObjects" . | eq "true") -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + labels: + {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + host: {{ include "kubeflow.notebooks.volumesWebApp.svc.fqdn" . }} + trafficPolicy: + tls: + mode: ISTIO_MUTUAL + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/hpa.yaml new file mode 100644 index 00000000..41620b82 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/hpa.yaml 
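Review bot: `APP_PREFIX` is rendered as `value: {{ .Values.notebooks.volumesWebApp.config.urlPrefix }}` without `| quote`, unlike the three env entries after it. An env `value` has to be a string, so an empty or otherwise non-string `urlPrefix` renders a null or mistyped value; `value: {{ .Values.notebooks.volumesWebApp.config.urlPrefix | quote }}` keeps it consistent with its neighbours. Separately, `USERID_HEADER` presumably makes the app take the caller's identity from a request header, which means this Deployment depends on the AuthorizationPolicy templates in the same directory to stop clients from reaching the pod directly with a header of their choosing; a one-line comment on that env entry would make the dependency visible.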
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.autoscaling.enabled" . | eq "true") -}}
+
+{{- $componentName := include "kubeflow.notebooks.volumesWebApp.name" . -}}
+{{- $minReplicas := include "kubeflow.notebooks.volumesWebApp.autoscaling.minReplicas" . -}}
+{{- $maxReplicas := include "kubeflow.notebooks.volumesWebApp.autoscaling.maxReplicas" . -}}
+{{- $targetCPUUtilizationPercentage := include "kubeflow.notebooks.volumesWebApp.autoscaling.targetCPUUtilizationPercentage" . -}}
+{{- $targetMemoryUtilizationPercentage := include "kubeflow.notebooks.volumesWebApp.autoscaling.targetMemoryUtilizationPercentage" . -}}
+
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ labels:
+ {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+ name: {{ $componentName }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ $componentName }}
+ minReplicas: {{ $minReplicas }}
+ maxReplicas: {{ $maxReplicas }}
+ metrics:
+ {{- if $targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ $targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if $targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/poddisruptionbudget.yaml
new file mode 100644
index 00000000..d9ba40b4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/poddisruptionbudget.yaml
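Review bot: `apiVersion: autoscaling/v2beta1` is no longer served from Kubernetes 1.25 on, so enabling autoscaling on a current cluster makes the release fail at this object. Moving to `autoscaling/v2` also changes the metric shape: `targetAverageUtilization` becomes a `target` block with `type: Utilization` and `averageUtilization`. The rewritten lines are below; their indentation follows the usual HPA layout, because the page shows this hunk with whitespace collapsed.

```yaml
apiVersion: autoscaling/v2
# … unchanged: kind, metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
  {{- if $targetCPUUtilizationPercentage }}
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: {{ $targetCPUUtilizationPercentage }}
  {{- end }}
  {{- if $targetMemoryUtilizationPercentage }}
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: {{ $targetMemoryUtilizationPercentage }}
  {{- end }}
```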
@@ -0,0 +1,18 @@ +{{- if (include "kubeflow.notebooks.volumesWebApp.pdb.create" . | eq "true") -}} + +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selector: + matchLabels: + {{- include "kubeflow.notebooks.volumesWebApp.selectorLabels" . | nindent 6 }} + {{- with (include "kubeflow.notebooks.volumesWebApp.pdb.values" .) }} + {{- . | nindent 2 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service-account.yaml new file mode 100644 index 00000000..23c72629 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service-account.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.notebooks.volumesWebApp.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.notebooks.volumesWebApp.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} + labels: + {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service.yaml new file mode 100644 index 00000000..e8881467 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service.yaml 
@@ -0,0 +1,25 @@ +{{- if (include "kubeflow.notebooks.volumesWebApp.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.notebooks.volumesWebApp.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 5000 + selector: + {{- include "kubeflow.notebooks.volumesWebApp.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.notebooks.volumesWebApp.service.type }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/virtual-service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/virtual-service.yaml new file mode 100644 index 00000000..7939994e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/virtual-service.yaml @@ -0,0 +1,31 @@ +{{- if (include "kubeflow.notebooks.volumesWebApp.createIstioIntegrationObjects" . | eq "true") -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.notebooks.volumesWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + gateways: + - {{ .Values.istioIntegration.gateway.name }} + hosts: + - '*' + http: + - match: + - uri: + prefix: {{ .Values.notebooks.volumesWebApp.config.urlPrefix }}/ + rewrite: + uri: / + route: + - destination: + host: {{ include "kubeflow.notebooks.volumesWebApp.svc.fqdn" . }} + port: + number: 80 + headers: + request: + add: + x-forwarded-prefix: {{ .Values.notebooks.volumesWebApp.config.urlPrefix }} + +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/oauth2-proxy-integration/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/oauth2-proxy-integration/virtualservice.yaml new file mode 100644 index 00000000..bd34ef7f --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/oauth2-proxy-integration/virtualservice.yaml @@ -0,0 +1,23 @@ +{{- if (include "kubeflow.oauth2ProxyIntegration.istio.enabled" . | eq "true") -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: {{ .Values.oauth2ProxyIntegration.svc.name }} + namespace: {{ .Values.oauth2ProxyIntegration.svc.namespace }} +spec: + gateways: + - {{ include "kubeflow.namespace" . }}/{{ .Values.istioIntegration.gateway.name }} + hosts: + - "{{ default "*" .Values.oauth2ProxyIntegration.host }}" + http: + - match: + - uri: + prefix: {{ .Values.oauth2ProxyIntegration.urlPrefix }}/ + route: + - destination: + host: {{ .Values.oauth2ProxyIntegration.svc.name }}.{{ .Values.oauth2ProxyIntegration.svc.namespace }}.svc.cluster.local + port: + number: {{ .Values.oauth2ProxyIntegration.svc.port }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/_notes.txt b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/_notes.txt new file mode 100644 index 00000000..cd988a3f --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/_notes.txt @@ -0,0 +1,5 @@ +CRDs: +from cluster-scoped-resources all copied to helm charts crds directory +requiring argo wf as subchart + +investigate if it makes sense to add crd/applications.app.k8s.io diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/authorizationpolicy.yaml new file mode 100644 index 00000000..3c52cdc0 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/authorizationpolicy.yaml 
@@ -0,0 +1,17 @@
+{{- if (include "kubeflow.pipelines.cache.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.pipelines.cache.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "kubeflow.pipelines.cache.selectorLabels" . | nindent 6 }}
+ rules:
+ - {}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.certificate.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.certificate.yaml
new file mode 100644
index 00000000..ccaff1f1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.certificate.yaml
@@ -0,0 +1,23 @@
+{{- if (include "kubeflow.pipelines.cache.enabledWithCertManager" . )}}
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.pipelines.cache.certName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ commonName: {{ include "kubeflow.pipelines.cache.certName" . }}
+ isCA: true
+ dnsNames:
+ - {{ include "kubeflow.pipelines.cache.svc.name" . }}
+ - {{ include "kubeflow.pipelines.cache.svc.addressWithNs" . }}
+ - {{ include "kubeflow.pipelines.cache.svc.addressWithSvc" . }}
+ - {{ include "kubeflow.pipelines.cache.svc.fqdn" . }}
+ issuerRef:
+ kind: Issuer
+ name: {{ include "kubeflow.pipelines.cache.certIssuerName" . }}
+ secretName: {{ include "kubeflow.pipelines.cache.tlsCertSecretName" . }}
+
+{{- end }}
\ No newline at end of file
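Review bot: `rules: - {}` with no `action` makes this an ALLOW policy whose single empty rule matches every request, so the cache server accepts traffic from any source the mesh can route to it. That may be deliberate for a webhook endpoint that the API server has to reach, but the template does not say so. I would add a comment above `rules:`, for example `# Allow all: the cache webhook is called by the kube-apiserver, which has no mesh identity`, after confirming that this is the reason. The guard on the first line also lacks `| eq "true"`; whether that matters depends on what the `createIstioIntegrationObjects` helper returns, which is not visible here.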
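Review bot: `isCA: true` is set on the certificate whose secret (`tlsCertSecretName`) is mounted into the cache server pod at `/etc/webhook/certs` as its TLS serving key pair, according to the cache deployment.yaml in this commit. A serving certificate does not need the CA basic constraint; with it, the private key held by the pod can sign further certificates that chain to whatever trusts this one. Unless another Issuer uses this secret as its CA (none is visible in these templates), I would drop the line or set `isCA: false`.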
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.issuer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.issuer.yaml new file mode 100644 index 00000000..2ffdc030 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.issuer.yaml @@ -0,0 +1,13 @@ +{{- if (include "kubeflow.pipelines.cache.enabledWithCertManager" . )}} + +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.cache.certIssuerName" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selfSigned: {} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/deployment.yaml new file mode 100644 index 00000000..40cd5f0c --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/deployment.yaml 
@@ -0,0 +1,127 @@ +{{- if (include "kubeflow.pipelines.cache.enabled" .) -}} + +{{- $autoscalingEnabled := include "kubeflow.pipelines.cache.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.pipelines.cache.autoscaling.minReplicas" . -}} + +# TODO: Add cache-deployer if cert-manager integration is disabled. +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.cache.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.pipelines.cache.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.pipelines.cache.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: server + image: {{ include "kubeflow.pipelines.cache.image" . }} + imagePullPolicy: {{ include "kubeflow.pipelines.cache.imagePullPolicy" . }} + + args: + - --db_user=$({{ include "kubeflow.pipelines.cache.config.db.user.env.name" . }}) + - --db_password=$({{ include "kubeflow.pipelines.cache.config.db.password.env.name" . }}) + - --db_host=$({{ include "kubeflow.pipelines.cache.config.db.host.env.name" . }}) + - --db_port=$({{ include "kubeflow.pipelines.cache.config.db.port.env.name" . }}) + - --db_driver=$({{ include "kubeflow.pipelines.cache.config.db.driver.env.name" . }}) + - --db_name=$({{ include "kubeflow.pipelines.cache.config.db.cacheDatabaseName.env.name" . }}) + - --namespace_to_watch=$(NAMESPACE_TO_WATCH) + - --listen_port=$(WEBHOOK_PORT) + {{- if (include "kubeflow.certManagerIntegration.enabled" . )}} + - --tls_cert_filename=tls.crt + - --tls_key_filename=tls.key + {{- end }} + + env: + {{- include "kubeflow.pipelines.cache.config.db.user.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.cache.config.db.password.env.spec" . 
| nindent 8 }} + {{- include "kubeflow.pipelines.cache.config.db.host.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.cache.config.db.port.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.cache.config.db.driver.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.cache.config.db.cacheDatabaseName.env.spec" . | nindent 8 }} + + - name: DEFAULT_CACHE_STALENESS + value: {{ .Values.pipelines.cache.config.defaultCacheStaleness | quote }} + - name: MAXIMUM_CACHE_STALENESS + value: {{ .Values.pipelines.cache.config.maximumCacheStaleness | quote }} + - name: CACHE_IMAGE + value: {{ .Values.pipelines.cache.config.cacheImage }} + - name: CACHE_NODE_RESTRICTIONS + value: {{ .Values.pipelines.cache.config.cacheNodeRestrictions | quote }} + - name: WEBHOOK_PORT + value: {{ .Values.pipelines.cache.service.targetPort | quote }} + + - name: NAMESPACE_TO_WATCH + {{- if (include "kubeflow.deploymentMode.namespace" .) }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- else }} + value: "" + {{- end }} + + ports: + - containerPort: {{ .Values.pipelines.cache.service.targetPort }} + name: webhook-api + + {{- with .Values.pipelines.cache.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.pipelines.cache.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + volumeMounts: + - name: webhook-tls-certs + mountPath: /etc/webhook/certs + readOnly: true + + volumes: + - name: webhook-tls-certs + secret: + secretName: {{ include "kubeflow.pipelines.cache.tlsCertSecretName" . }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.pipelines.cache.serviceAccountName" . }} + + {{- with include "kubeflow.pipelines.cache.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.cache.tolerations" . 
}} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.cache.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.cache.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/mutatingwebhook.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/mutatingwebhook.yaml new file mode 100644 index 00000000..6c191e51 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/mutatingwebhook.yaml @@ -0,0 +1,36 @@ +{{- if (include "kubeflow.pipelines.cache.enabled" .) -}} + +{{- $ca := printf "%s/%s" + (include "kubeflow.namespace" .) + (include "kubeflow.pipelines.cache.certName" .) +-}} + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ $ca }} + labels: + {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.cache.webhookName" . }} +webhooks: + - name: {{ include "kubeflow.pipelines.cache.svc.addressWithSvc" . }} + clientConfig: + service: + name: {{ include "kubeflow.pipelines.cache.svc.name" .}} + namespace: {{ include "kubeflow.namespace" . }} + path: "/mutate" + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Ignore + sideEffects: None + timeoutSeconds: 5 + objectSelector: + matchLabels: + {{- include "kubeflow.pipelines.cache.cacheEnabledLabel" . | nindent 8}} + admissionReviewVersions: ["v1beta1"] + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/role-or-clusterrole.yaml new file mode 100644 index 00000000..5125f5c5 --- /dev/null 
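Review bot: `--db_password=$(...)` in `args:` puts the database password on the container command line: the variable is expanded before the process starts, so the clear-text value sits in argv, where it is readable through `/proc/<pid>/cmdline` and is commonly captured by node-level process auditing. The metadata-grpc-server Deployment later in this commit does the same with `--mysql_config_password=$(...)`. If the server can read the password from the environment variable already injected under `env:`, drop the flag; whether it can is not visible in this template. Otherwise add a comment such as `# password reaches the process via argv because the server only accepts flags; keep shareProcessNamespace off for this pod`.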
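Review bot: This webhook is rendered whenever `kubeflow.pipelines.cache.enabled` is true, while the Certificate and Issuer it names in `cert-manager.io/inject-ca-from` are gated on `kubeflow.pipelines.cache.enabledWithCertManager`. Judging by the helper names, with cert-manager integration off the annotation points at a Certificate that is never created, the Deployment's unconditional `webhook-tls-certs` volume references a Secret nobody issues, and `failurePolicy: Ignore` hides the resulting call failures. Until the cache-deployer TODO in the Deployment is done, I would gate this template and the Deployment on the same helper, `{{- if (include "kubeflow.pipelines.cache.enabledWithCertManager" . ) }}`.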
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/role-or-clusterrole.yaml
@@ -0,0 +1,57 @@
+{{- if (include "kubeflow.pipelines.cache.enabled" .) -}}
+
+{{- $kind := ternary "ClusterRole" "Role" (include "kubeflow.deploymentMode.cluster" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ $kind }}
+metadata:
+ labels:
+ {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.pipelines.cache.roleName" .}}
+ namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflows
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - tekton.dev
+ resources:
+ - pipelineruns
+ - customruns
+ - taskruns
+ - conditions
+ - runs
+ - tasks
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/rolebinding-or-clusterrolebinding.yaml
new file mode 100644
index 00000000..e7c0a262
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/rolebinding-or-clusterrolebinding.yaml
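Review bot: In cluster mode this renders as a ClusterRole, so the cache server's service account gets `update`/`patch` on pods and workflows in every namespace plus create, update and delete on six `tekton.dev` resources. A pod-mutating cache webhook would not obviously need to create or delete Tekton objects; whether the server does is not visible here. I would drop the `tekton.dev` rule when it is not needed, or add a comment above it, e.g. `# tekton.dev access: presumably only used with a Tekton backend; confirm before keeping`, so the grant is a recorded decision. `metadata.namespace` is also emitted when `$kind` is `ClusterRole`, where it has no meaning, and could be wrapped in `{{- if eq $kind "Role" }}`.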
@@ -0,0 +1,22 @@
+{{- if (include "kubeflow.pipelines.cache.enabled" .) -}}
+
+{{- $kind := ternary "ClusterRoleBinding" "RoleBinding" (include "kubeflow.deploymentMode.cluster" . | eq "true") -}}
+{{- $roleRefKind := ternary "ClusterRole" "Role" (include "kubeflow.deploymentMode.cluster" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ $kind }}
+metadata:
+ labels:
+ {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.pipelines.cache.roleBindingName" .}}
+ namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: {{ $roleRefKind }}
+ name: {{ include "kubeflow.pipelines.cache.roleName" .}}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "kubeflow.pipelines.cache.serviceAccountName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/sa.yaml
new file mode 100644
index 00000000..577b15ea
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/sa.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.pipelines.cache.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- with .Values.pipelines.cache.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.pipelines.cache.serviceAccountName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/service.yaml
new file mode 100644
index 00000000..fa5093c5
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/service.yaml @@ -0,0 +1,47 @@ +{{- if (include "kubeflow.pipelines.cache.enabled" .) -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.pipelines.cache.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.cache.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - port: {{ .Values.pipelines.cache.service.port }} + targetPort: webhook-api + selector: + {{- include "kubeflow.pipelines.cache.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.pipelines.cache.service.type }} + +--- + +# TODO: having this SVC is a workaround... cache-server service might be hardcoded... + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.pipelines.cache.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }} + name: cache-server + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - port: {{ .Values.pipelines.cache.service.port }} + targetPort: webhook-api + selector: + {{- include "kubeflow.pipelines.cache.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.pipelines.cache.service.type }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/authorizationpolicy.yaml new file mode 100644 index 00000000..7d149086 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/authorizationpolicy.yaml 
@@ -0,0 +1,41 @@
+{{- if (include "kubeflow.pipelines.mlPipeline.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.pipelines.mlPipeline.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "kubeflow.pipelines.mlPipeline.selectorLabels" . | nindent 6 }}
+ rules:
+ - from:
+ - source:
+ principals:
+ - {{ include "kubeflow.pipelines.mlPipeline.serviceAccountPrincipal" . }}
+ - {{ include "kubeflow.pipelines.ui.serviceAccountPrincipal" . }}
+ - {{ include "kubeflow.pipelines.persistenceAgent.serviceAccountPrincipal" . }}
+ - {{ include "kubeflow.pipelines.scheduledWorkflow.serviceAccountPrincipal" . }}
+ - {{ include "kubeflow.pipelines.viewerCrd.serviceAccountPrincipal" . }}
+ - {{ include "kubeflow.pipelines.cache.serviceAccountPrincipal" . }}
+
+ # NOTE(kromanow94): with m2m tokens through istio/oauth2-proxy and
+ # ml-pipeline-ui, the following is probably not needed anymore.
+ # NOTE(kromanow94) UPDATE!!!: It's needed, otherwise the KF Pipeline Steps
+ # cannot reach ml-pipeline and appareantly it's needed to process the step...
+ # For user workloads, which cannot use http headers for authentication
+ # Allow all requests that dont have a `kubeflow-userid` header.
+ - when:
+ - key: request.headers[{{ .Values.auth.userHeaderName }}]
+ notValues: ['*']
+
+ # allow access by any trusted principal
+ # Please see the following for reference:
+ # https://github.com/kubeflow/manifests/issues/2747
+ - from:
+ - source:
+ requestPrincipals: ["*"]
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/deployment.yaml
new file mode 100644
index 00000000..f67303ad
--- /dev/null
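Review bot: The `when` rule admits every request that lacks the `{{ .Values.auth.userHeaderName }}` header, from any source, which makes the principal list in the first rule redundant: a caller that is not on that list is admitted simply because the header is absent. Mesh-level authorization for ml-pipeline therefore rests entirely on the API server's own checks (the role added in this commit grants it `tokenreviews` and `subjectaccessreviews` create, presumably for that purpose). The in-line NOTE explains why the rule exists but not what it costs; I would extend it with `# SECURITY: headerless requests bypass the principals rule above; the API server must authenticate them itself`. If pipeline steps only run in known namespaces, adding a `from.source.namespaces` list to that rule would narrow it, though that depends on values not shown here.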
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/deployment.yaml 
@@ -0,0 +1,162 @@ +{{- if (include "kubeflow.pipelines.mlPipeline.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.pipelines.mlPipeline.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.pipelines.mlPipeline.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.mlPipeline.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.pipelines.mlPipeline.selectorLabels" . | nindent 6 }} + + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + {{- include "kubeflow.pipelines.mlPipeline.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: ml-pipeline-api-server + image: {{ include "kubeflow.pipelines.mlPipeline.image" . }} + imagePullPolicy: {{ include "kubeflow.pipelines.mlPipeline.imagePullPolicy" . }} + + env: + {{- include "kubeflow.pipelines.mlPipeline.config.db.user.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.mlPipeline.config.db.password.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.mlPipeline.config.db.host.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.mlPipeline.config.db.port.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.mlPipeline.config.db.pipelineDatabaseName.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.mlPipeline.config.db.conMaxLifetime.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.mlPipeline.config.db.driver.env.spec" . | nindent 8 }} + + {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.accessKey.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.secretAccessKey.env.spec" . 
| nindent 8 }} + {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.host.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.port.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.region.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.bucketName.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.secure.env.spec" . | nindent 8 }} + + # --- + # variables from pipeline-api-server-config-dc9hkg52h6 + # TODO: parameterize DEFAULTPIPELINERUNNERSERVICEACCOUNT + - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT + value: default-editor + - name: MULTIUSER + value: {{ (include "kubeflow.isMultiuser" .) | quote }} + - name: VISUALIZATIONSERVICE_NAME + value: ml-pipeline-visualizationserver + - name: VISUALIZATIONSERVICE_PORT + value: "8888" + - name: LOG_LEVEL + value: "info" + # --- + + - name: KUBEFLOW_USERID_HEADER + value: {{ .Values.auth.userHeaderName | quote }} + - name: KUBEFLOW_USERID_PREFIX + value: {{ .Values.auth.userIdPrefix | quote }} + - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION + value: {{ .Values.pipelines.mlPipeline.config.autoUpdatePipelineDefaultVersion | quote }} + + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + + ports: + - name: http + containerPort: 8888 + - name: grpc + containerPort: 8887 + + # readinessProbe: + # exec: + # command: + # - wget + # - -q # quiet + # - -S # show server response + # - -O + # - "-" # Redirect output to stdout + # - http://localhost:8888/apis/v1beta1/healthz + # initialDelaySeconds: 3 + # periodSeconds: 5 + # timeoutSeconds: 2 + # livenessProbe: + # exec: + # command: + # - wget + # - -q # quiet + # - -S # show server response + # - -O + # - "-" # Redirect output to stdout + # - http://localhost:8888/apis/v1beta1/healthz + # initialDelaySeconds: 3 + # periodSeconds: 5 + # timeoutSeconds: 2 + # # This startup probe provides 
up to a 60 second grace window before the + # # liveness probe takes over to accomodate the occasional database + # # migration. + # startupProbe: + # exec: + # command: + # - wget + # - -q # quiet + # - -S # show server response + # - -O + # - "-" # Redirect output to stdout + # - http://localhost:8888/apis/v1beta1/healthz + # failureThreshold: 12 + # periodSeconds: 5 + # timeoutSeconds: 2 + + {{- with .Values.pipelines.mlPipeline.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.pipelines.mlPipeline.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.pipelines.mlPipeline.serviceAccountName" . }} + + {{- with include "kubeflow.pipelines.mlPipeline.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.mlPipeline.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.mlPipeline.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.mlPipeline.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/destinationrule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/destinationrule.yaml new file mode 100644 index 00000000..43419ead --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/destinationrule.yaml 
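Review bot: All three probes (readiness, liveness, startup) are commented out, so the pod is marked Ready as soon as the container starts and the Service routes to it while, per the retained comment, a database migration may still be running. The commented versions exec `wget` inside the container, which would fail if the image does not ship that binary; an `httpGet` probe avoids the dependency. I would restore them as `httpGet: {path: /apis/v1beta1/healthz, port: http}` with the same `periodSeconds`, `timeoutSeconds` and `failureThreshold` values. `DEFAULTPIPELINERUNNERSERVICEACCOUNT` is also fixed to `default-editor`, as the TODO in the hunk acknowledges.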
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.pipelines.mlPipeline.createIstioIntegrationObjects" .) -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ labels:
+ {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.pipelines.mlPipeline.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ host: {{ include "kubeflow.pipelines.mlPipeline.svc.fqdn" . }}
+ trafficPolicy:
+ tls:
+ mode: ISTIO_MUTUAL
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/role-or-clusterrole.yaml
new file mode 100644
index 00000000..1aa0a28b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/role-or-clusterrole.yaml
@@ -0,0 +1,85 @@ +{{- if (include "kubeflow.pipelines.mlPipeline.rbac.createRoles" .) -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }} +metadata: + labels: + {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.mlPipeline.roleName" . }} + namespace: {{ include "kubeflow.namespace" . }} +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + - runs + - tasks + - customruns + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - custom.tekton.dev + resources: + - pipelineloops + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/rolebinding-or-clusterrolebinding.yaml new file mode 100644 index 00000000..aa9961c8 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/rolebinding-or-clusterrolebinding.yaml 
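Review bot: `tokenreviews` and `subjectaccessreviews` are cluster-scoped resources, so the two `create` rules only take effect when `kubeflow.deploymentMode.scopedRoleKind` renders `ClusterRole`; granted through a namespaced Role and RoleBinding they do nothing. If the helper returns `Role` in namespace mode (its definition is not in this hunk), the API server's token and access checks would be denied there. I would move those two rules into a role that is always cluster-scoped, or at least add `# cluster-scoped: effective only when rendered as ClusterRole` above them. In cluster mode the same role also lets the API server delete pods and workflows in every namespace, which looks intended for run cleanup but is worth stating in a comment.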
@@ -0,0 +1,19 @@
+{{- if (include "kubeflow.pipelines.mlPipeline.rbac.createRoles" .) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleBindingKind" . }}
+metadata:
+ labels:
+ {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.pipelines.mlPipeline.roleBindingName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+ name: {{ include "kubeflow.pipelines.mlPipeline.roleName" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "kubeflow.pipelines.mlPipeline.serviceAccountName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/sa.yaml
new file mode 100644
index 00000000..0a57ee60
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/sa.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.pipelines.mlPipeline.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- with .Values.pipelines.mlPipeline.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.pipelines.mlPipeline.serviceAccountName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/service.yaml
new file mode 100644
index 00000000..a2da4146
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/service.yaml @@ -0,0 +1,32 @@ +{{- if (include "kubeflow.pipelines.mlPipeline.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + annotations: + {{- with .Values.pipelines.mlPipeline.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + prometheus.io/port: "8888" + prometheus.io/scheme: http + prometheus.io/scrape: "true" + labels: + {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.mlPipeline.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + {{- include "kubeflow.pipelines.mlPipeline.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.pipelines.mlPipeline.service.type }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/deployment.yaml new file mode 100644 index 00000000..8ba88c2e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/deployment.yaml 
@@ -0,0 +1,76 @@ +{{- if (include "kubeflow.pipelines.metadataEnvoy.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.pipelines.metadataEnvoy.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.pipelines.metadataEnvoy.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.pipelines.metadataEnvoy.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataEnvoy.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.pipelines.metadataEnvoy.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.pipelines.metadataEnvoy.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: metadata-envoy + image: {{ include "kubeflow.pipelines.metadataEnvoy.image" . }} + imagePullPolicy: {{ include "kubeflow.pipelines.metadataEnvoy.imagePullPolicy" . }} + + ports: + - name: md-envoy + containerPort: 9090 + - name: envoy-admin + containerPort: 9901 + + {{- with .Values.pipelines.metadataEnvoy.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.pipelines.metadataEnvoy.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.pipelines.metadataEnvoy.serviceAccountName" . }} + + {{- with include "kubeflow.pipelines.metadataEnvoy.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.metadataEnvoy.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.metadataEnvoy.affinity" . }} + affinity: + {{- . 
| nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.metadataEnvoy.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/sa.yaml new file mode 100644 index 00000000..94ce2414 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/sa.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.pipelines.metadataEnvoy.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.pipelines.metadataEnvoy.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.metadataEnvoy.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataEnvoy.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/service.yaml new file mode 100644 index 00000000..e73db2f7 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/service.yaml 
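Review bot: The container declares `envoy-admin` on 9901 and has no probes, and the metadata-envoy files shown here add no AuthorizationPolicy or NetworkPolicy for the pod, so if the image's Envoy config binds the admin listener to all interfaces (not visible here) its admin endpoints are reachable from any pod that can route to this one. Declaring `containerPort` neither opens nor closes the port, so the control belongs in the Envoy config or in a policy rather than on this line. I would add a comment, `# envoy-admin must stay pod-local; never expose it through a Service`, and a `readinessProbe` with `tcpSocket: {port: md-envoy}` so traffic waits for the listener.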
@@ -0,0 +1,41 @@ +{{- if (include "kubeflow.pipelines.metadataEnvoy.enabled" . | eq "true") -}} + +kind: Service +apiVersion: v1 +metadata: + labels: + {{- include "kubeflow.pipelines.metadataEnvoy.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataEnvoy.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - port: 9090 + protocol: TCP + name: md-envoy + selector: + {{- include "kubeflow.pipelines.metadataEnvoy.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.pipelines.metadataEnvoy.service.type }} + +--- + +# TODO: having this SVC is a workaround... metadata-envoy service might be hardcoded... + +kind: Service +apiVersion: v1 +metadata: + labels: + {{- include "kubeflow.pipelines.metadataEnvoy.labels" . | nindent 4 }} + name: metadata-envoy-service + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - port: 9090 + protocol: TCP + name: md-envoy + selector: + {{- include "kubeflow.pipelines.metadataEnvoy.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.pipelines.metadataEnvoy.service.type }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/authorizationpolicy.yaml new file mode 100644 index 00000000..bb40e261 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/authorizationpolicy.yaml 
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.pipelines.metadataGrpcServer.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.pipelines.metadataGrpcServer.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ action: ALLOW
+ selector:
+ matchLabels:
+ {{- include "kubeflow.pipelines.metadataGrpcServer.selectorLabels" . | nindent 6 }}
+ rules:
+ - {}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/deployment.yaml
new file mode 100644
index 00000000..2c61f12b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/deployment.yaml
@@ -0,0 +1,103 @@ +{{- if (include "kubeflow.pipelines.metadataGrpcServer.enabled" .) -}} + +{{- $autoscalingEnabled := include "kubeflow.pipelines.metadataGrpcServer.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.pipelines.metadataGrpcServer.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataGrpcServer.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.pipelines.metadataGrpcServer.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.pipelines.metadataGrpcServer.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: metadata-grpc-server + image: {{ include "kubeflow.pipelines.metadataGrpcServer.image" . }} + imagePullPolicy: {{ include "kubeflow.pipelines.metadataGrpcServer.imagePullPolicy" . }} + + env: + {{- include "kubeflow.pipelines.metadataGrpcServer.config.db.user.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.metadataGrpcServer.config.db.password.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.metadataGrpcServer.config.db.host.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.metadataGrpcServer.config.db.port.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.metadataGrpcServer.config.db.mlmdDatabaseName.env.spec" . | nindent 8 }} + + command: ["/bin/metadata_store_server"] + args: + - --grpc_port={{ .Values.pipelines.metadataGrpcServer.service.port }} + - --mysql_config_user=$({{ include "kubeflow.pipelines.metadataGrpcServer.config.db.user.env.name" . }}) + - --mysql_config_password=$({{ include "kubeflow.pipelines.metadataGrpcServer.config.db.password.env.name" . 
}}) + - --mysql_config_host=$({{ include "kubeflow.pipelines.metadataGrpcServer.config.db.host.env.name" . }}) + - --mysql_config_port=$({{ include "kubeflow.pipelines.metadataGrpcServer.config.db.port.env.name" . }}) + - --mysql_config_database=$({{ include "kubeflow.pipelines.metadataGrpcServer.config.db.mlmdDatabaseName.env.name" .}}) + - --enable_database_upgrade=true + + ports: + - name: grpc-api + containerPort: {{ .Values.pipelines.metadataGrpcServer.service.port }} + + livenessProbe: + tcpSocket: + port: grpc-api + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + readinessProbe: + tcpSocket: + port: grpc-api + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + + {{- with .Values.pipelines.metadataGrpcServer.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.pipelines.metadataGrpcServer.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.pipelines.metadataGrpcServer.serviceAccountName" . }} + + {{- with include "kubeflow.pipelines.metadataGrpcServer.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.metadataGrpcServer.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.metadataGrpcServer.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.metadataGrpcServer.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} 
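Review bot: The `--mysql_config_password=$(...)` entry under `args:` puts the database password on the container's command line once Kubernetes expands the variable, where it is readable from the process list and tends to be captured in diagnostics. The variable itself is presumably sourced from a Secret by the `config.db.password.env.spec` helper, which is not visible here, so the exposure comes only from passing it as a flag. If the server binary can take its MySQL settings from a mounted config file or read them from the environment, prefer that. Otherwise add a comment beside the argument stating that the exposure is accepted.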
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/destinationrule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/destinationrule.yaml new file mode 100644 index 00000000..81691043 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/destinationrule.yaml @@ -0,0 +1,16 @@ +{{- if (include "kubeflow.pipelines.metadataGrpcServer.createIstioIntegrationObjects" .) -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + labels: + {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataGrpcServer.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + host: {{ include "kubeflow.pipelines.metadataGrpcServer.svc.fqdn" . }} + trafficPolicy: + tls: + mode: ISTIO_MUTUAL + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/sa.yaml new file mode 100644 index 00000000..da5c3ed2 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/sa.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.pipelines.metadataGrpcServer.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.pipelines.metadataGrpcServer.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataGrpcServer.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file 
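Review bot: The guard `{{- if (include "kubeflow.pipelines.metadataGrpcServer.createIstioIntegrationObjects" .) -}}` tests the raw string returned by `include`, and any non-empty string, including `false`, is truthy in a Go template. Other templates in this change compare explicitly with `| eq "true"` (authorizationpolicy.extAuth.yaml does so for the `ui.createIstioIntegrationObjects` helper), and the deployments compare `$autoscalingEnabled` with the string `"false"`, which suggests the helpers render `true`/`false` text; the helper bodies are not shown, so this needs confirming. If they do, the Istio objects are rendered even with the integration switched off; write the guard as `{{- if (include "kubeflow.pipelines.metadataGrpcServer.createIstioIntegrationObjects" . | eq "true") -}}`. The same bare form appears in the metadata-grpc-server authorizationpolicy, deployment and virtualservice, the metadata-writer role and rolebinding, the minio secret (`kubeflow.pipelines.enabled`) and the ui authorizationpolicy.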
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/service.yaml new file mode 100644 index 00000000..aef9c67a --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/service.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kubeflow.pipelines.metadataGrpcServer.enabled" . | eq "true") -}} + +kind: Service +apiVersion: v1 +metadata: + {{- with .Values.pipelines.metadataGrpcServer.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataGrpcServer.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - port: {{ .Values.pipelines.metadataGrpcServer.service.port }} + protocol: TCP + name: grpc-api + selector: + {{- include "kubeflow.pipelines.metadataGrpcServer.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.pipelines.metadataGrpcServer.service.type }} + +--- + +# TODO: having this SVC is a workaround... metadata-grpc service might be hardcoded... +# Consider adding following snipper: +# env: +# - name: METADATA_GRPC_SERVICE_SERVICE_HOST +# value: {{ include "kubeflow.pipelines.metadataGrpcServer.svc.name" . }} +# - name: METADATA_GRPC_SERVICE_SERVICE_PORT +# value: "8080" + +kind: Service +apiVersion: v1 +metadata: + {{- with .Values.pipelines.metadataGrpcServer.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }} + name: metadata-grpc-service + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - port: {{ .Values.pipelines.metadataGrpcServer.service.port }} + protocol: TCP + name: grpc-api + selector: + {{- include "kubeflow.pipelines.metadataGrpcServer.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.pipelines.metadataGrpcServer.service.type }} + +{{- end }} \ No newline at end of file 
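Review bot: The `# value: {{ include "kubeflow.pipelines.metadataGrpcServer.svc.name" . }}` line sits in a YAML comment, but Helm still evaluates template actions inside `#` comments, so the helper runs and its output lands in the rendered manifest. Wrapping the whole TODO in a template comment (`{{/* ... */}}`), as secret.mlpipeline-minio-artifact.yaml in this change does, keeps it out of the output. The commented snippet also hard-codes port `"8080"` while both Services take their port from `.Values.pipelines.metadataGrpcServer.service.port`.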
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/virtualservice.yaml new file mode 100644 index 00000000..8d74abb9 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/virtualservice.yaml @@ -0,0 +1,28 @@ +{{- if (include "kubeflow.pipelines.metadataGrpcServer.createIstioIntegrationObjects" . ) -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataGrpcServer.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + gateways: + - {{ .Values.istioIntegration.gateway.name }} + hosts: + # TODO: parameterize all VS Hosts. + - '*' + http: + - match: + - uri: + prefix: {{ .Values.pipelines.metadataGrpcServer.config.urlPrefix }} + rewrite: + uri: {{ .Values.pipelines.metadataGrpcServer.config.urlPrefix }} + route: + - destination: + host: {{ include "kubeflow.pipelines.metadataEnvoy.svc.fqdn" . }} + port: + number: 9090 + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/deployment.yaml new file mode 100644 index 00000000..d25d2037 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/deployment.yaml 
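Review bot: The route destination is the metadata-envoy Service (`kubeflow.pipelines.metadataEnvoy.svc.fqdn`, port `9090`), but the template is guarded only by the metadataGrpcServer Istio helper. With metadata-envoy disabled the VirtualService would still be rendered and would point at a Service that does not exist. Adding `(include "kubeflow.pipelines.metadataEnvoy.enabled" . | eq "true")` to the guard with `and` would keep the two in step. `hosts: '*'` matches the prefix for every host name on the gateway, which the existing TODO already flags.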
@@ -0,0 +1,84 @@ +{{- if (include "kubeflow.pipelines.metadataWriter.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.pipelines.metadataWriter.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.pipelines.metadataWriter.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.pipelines.metadataWriter.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataWriter.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.pipelines.metadataWriter.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.pipelines.metadataWriter.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: main + image: {{ include "kubeflow.pipelines.metadataWriter.image" . }} + imagePullPolicy: {{ include "kubeflow.pipelines.metadataWriter.imagePullPolicy" . }} + + env: + - name: METADATA_GRPC_SERVICE_SERVICE_HOST + value: {{ include "kubeflow.pipelines.metadataGrpcServer.svc.name" . }} + - name: METADATA_GRPC_SERVICE_SERVICE_PORT + value: "8080" + - name: NAMESPACE_TO_WATCH + {{- if (include "kubeflow.deploymentMode.namespace" .) }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- else }} + value: "" + {{- end }} + + {{- with .Values.pipelines.metadataWriter.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.pipelines.metadataWriter.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.pipelines.metadataWriter.serviceAccountName" . }} + + {{- with include "kubeflow.pipelines.metadataWriter.nodeSelector" . }} + nodeSelector: + {{- . 
| nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.metadataWriter.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.metadataWriter.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.metadataWriter.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/role-or-clusterrole.yaml new file mode 100644 index 00000000..f3020959 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/role-or-clusterrole.yaml @@ -0,0 +1,38 @@ +{{- if (include "kubeflow.pipelines.metadataWriter.rbac.createRoles" .) -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }} +metadata: + labels: + {{- include "kubeflow.pipelines.metadataWriter.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataWriter.roleName" . }} + namespace: {{ include "kubeflow.namespace" . }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/rolebinding-or-clusterrolebinding.yaml new file mode 100644 index 00000000..b4dee83c --- /dev/null 
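Review bot: `METADATA_GRPC_SERVICE_SERVICE_PORT` is fixed at `"8080"` in the metadata-writer deployment, while the metadata gRPC Service and container port in this change come from `.Values.pipelines.metadataGrpcServer.service.port`. Overriding that value would leave the writer dialing the wrong port. Use `value: {{ .Values.pipelines.metadataGrpcServer.service.port | quote }}` so the two stay in step.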
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/rolebinding-or-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if (include "kubeflow.pipelines.metadataWriter.rbac.createRoles" .) -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ include "kubeflow.deploymentMode.scopedRoleBindingKind" . }} +metadata: + labels: + {{- include "kubeflow.pipelines.metadataWriter.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataWriter.roleBindingName" . }} + namespace: {{ include "kubeflow.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }} + name: {{ include "kubeflow.pipelines.metadataWriter.roleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.pipelines.metadataWriter.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/sa.yaml new file mode 100644 index 00000000..0aff38a1 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/sa.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.pipelines.metadataWriter.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.pipelines.metadataWriter.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.metadataWriter.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.metadataWriter.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/deployment.yaml new file mode 100644 index 00000000..65245f20 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/deployment.yaml 
@@ -0,0 +1,100 @@ +{{- if (include "kubeflow.pipelines.persistenceAgent.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.pipelines.persistenceAgent.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.pipelines.persistenceAgent.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.pipelines.persistenceAgent.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.persistenceAgent.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.pipelines.persistenceAgent.selectorLabels" . | nindent 6 }} + + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + {{- include "kubeflow.pipelines.persistenceAgent.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: ml-pipeline-persistenceagent + image: {{ include "kubeflow.pipelines.persistenceAgent.image" . }} + imagePullPolicy: {{ include "kubeflow.pipelines.persistenceAgent.imagePullPolicy" . }} + + env: + - name: TTL_SECONDS_AFTER_WORKFLOW_FINISH + value: {{ .Values.pipelines.persistenceAgent.config.ttlSecondsAfterWorkflowFinish | quote }} + - name: NUM_WORKERS + value: {{ .Values.pipelines.persistenceAgent.config.numWorkers | quote }} + - name: NAMESPACE + {{- if (include "kubeflow.deploymentMode.namespace" .) }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- else }} + value: "" + {{- end }} + + {{- with .Values.pipelines.persistenceAgent.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.pipelines.persistenceAgent.containerSecurityContext" . }} + securityContext: + {{- . 
| nindent 10 }} + {{- end }} + + volumeMounts: + - mountPath: /var/run/secrets/kubeflow/tokens + name: persistenceagent-sa-token + + volumes: + - name: persistenceagent-sa-token + projected: + sources: + - serviceAccountToken: + path: persistenceagent-sa-token + expirationSeconds: 3600 + audience: pipelines.kubeflow.org + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.pipelines.persistenceAgent.serviceAccountName" . }} + + {{- with include "kubeflow.pipelines.persistenceAgent.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.persistenceAgent.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.persistenceAgent.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.persistenceAgent.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/role-or-clusterrole.yaml new file mode 100644 index 00000000..cc91248e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/role-or-clusterrole.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kubeflow.pipelines.persistenceAgent.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }} +metadata: + labels: + {{- include "kubeflow.pipelines.persistenceAgent.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.persistenceAgent.roleName" . }} + namespace: {{ include "kubeflow.namespace" . }} +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch +- apiGroups: + - pipelines.kubeflow.org + resources: + - scheduledworkflows + - workflows + verbs: + - report +- apiGroups: + - pipelines.kubeflow.org + resources: + - runs + verbs: + - reportMetrics + - readArtifact + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/rolebinding-or-clusterrolebinding.yaml new file mode 100644 index 00000000..7b95e0b3 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/rolebinding-or-clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +{{- if (include "kubeflow.pipelines.persistenceAgent.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ include "kubeflow.deploymentMode.scopedRoleBindingKind" . }} +metadata: + labels: + {{- include "kubeflow.pipelines.persistenceAgent.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.persistenceAgent.roleBindingName" . }} + namespace: {{ include "kubeflow.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }} + name: {{ include "kubeflow.pipelines.persistenceAgent.roleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.pipelines.persistenceAgent.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/sa.yaml new file mode 100644 index 00000000..879d6b9f --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/sa.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.pipelines.persistenceAgent.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.pipelines.persistenceAgent.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.persistenceAgent.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.persistenceAgent.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/deployment.yaml new file mode 100644 index 00000000..71b3418e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/deployment.yaml 
@@ -0,0 +1,87 @@ +{{- if (include "kubeflow.pipelines.scheduledWorkflow.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.pipelines.scheduledWorkflow.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.pipelines.scheduledWorkflow.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.pipelines.scheduledWorkflow.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.scheduledWorkflow.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.pipelines.scheduledWorkflow.selectorLabels" . | nindent 6 }} + + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + {{- include "kubeflow.pipelines.scheduledWorkflow.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: ml-pipeline-scheduledworkflow + image: {{ include "kubeflow.pipelines.scheduledWorkflow.image" . }} + imagePullPolicy: {{ include "kubeflow.pipelines.scheduledWorkflow.imagePullPolicy" . }} + + env: + - name: LOG_LEVEL + value: "info" + - name: CRON_SCHEDULE_TIMEZONE + value: {{ .Values.pipelines.scheduledWorkflow.config.cronScheduleTimezone | quote }} + + - name: NAMESPACE + {{- if (include "kubeflow.deploymentMode.namespace" .) }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- else }} + value: "" + {{- end }} + + {{- with .Values.pipelines.scheduledWorkflow.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.pipelines.scheduledWorkflow.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + + serviceAccountName: ml-pipeline-scheduledworkflow + + {{- with include "kubeflow.pipelines.scheduledWorkflow.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.scheduledWorkflow.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.scheduledWorkflow.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.scheduledWorkflow.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/role-or-clusterrole.yaml new file mode 100644 index 00000000..3d4603a2 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/role-or-clusterrole.yaml @@ -0,0 +1,44 @@ +{{- if (include "kubeflow.pipelines.scheduledWorkflow.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }} +metadata: + labels: + {{- include "kubeflow.pipelines.scheduledWorkflow.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.scheduledWorkflow.roleName" . }} + namespace: {{ include "kubeflow.namespace" . }} +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + - scheduledworkflows/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + +{{- end }} \ No newline at end of file 
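Review bot: `serviceAccountName: ml-pipeline-scheduledworkflow` is hard-coded in the scheduledworkflow deployment, whereas the ServiceAccount and the role binding subject for this component use `include "kubeflow.pipelines.scheduledWorkflow.serviceAccountName" .`. If that helper yields a different name (an override or a prefix; its body is not shown), the pod would run under an account the binding does not cover, or fail to start because the account is missing. The other deployments in this change use their helper, so do the same here: `serviceAccountName: {{ include "kubeflow.pipelines.scheduledWorkflow.serviceAccountName" . }}`.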
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/rolebinding-or-clusterrolebinding.yaml new file mode 100644 index 00000000..bb0353e4 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/rolebinding-or-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if (include "kubeflow.pipelines.scheduledWorkflow.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ include "kubeflow.deploymentMode.scopedRoleBindingKind" . }} +metadata: + labels: + {{- include "kubeflow.pipelines.scheduledWorkflow.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.scheduledWorkflow.roleBindingName" . }} + namespace: {{ include "kubeflow.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }} + name: {{ include "kubeflow.pipelines.scheduledWorkflow.roleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.pipelines.scheduledWorkflow.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/sa.yaml new file mode 100644 index 00000000..0ced5506 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/sa.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kubeflow.pipelines.scheduledWorkflow.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.pipelines.scheduledWorkflow.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.scheduledWorkflow.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.scheduledWorkflow.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/secret.mlpipeline-minio-artifact.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/secret.mlpipeline-minio-artifact.yaml new file mode 100644 index 00000000..0f9ed5f2 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/secret.mlpipeline-minio-artifact.yaml @@ -0,0 +1,27 @@ +{{- if and + (include "kubeflow.pipelines.enabled" .) + (eq .Values.pipelines.config.objectStore.existingSecretName nil) + (eq .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name nil) + (eq .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name nil) +-}} + +{{/* +NOTE/TODO: this secret name is hardcoded: +* <=2.1.0: + https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L292 +* >=2.2.0 (state as of 2nd May 2024) + https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L39 +*/}} + +kind: Secret +apiVersion: v1 +metadata: + labels: + {{- include "kubeflow.pipelines.labels" . | nindent 4 }} + name: mlpipeline-minio-artifact + namespace: {{ include "kubeflow.namespace" . }} +stringData: + accesskey: {{ .Values.pipelines.config.objectStore.accessKey.value | quote }} + secretkey: {{ .Values.pipelines.config.objectStore.secretAccessKey.value | quote }} + +{{- end }} 
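Review bot: In the minio secret, `accesskey` and `secretkey` are rendered from `.Values.pipelines.config.objectStore.accessKey.value` and `.secretAccessKey.value` with only `| quote`, so an unset value yields a Secret with empty credentials instead of a failed install. Wrapping each in `required`, e.g. `{{ required "pipelines.config.objectStore.accessKey.value is required" .Values.pipelines.config.objectStore.accessKey.value | quote }}`, surfaces the omission at render time. The guard creates the Secret only when all three references are nil, so setting just one `secretKeyRef.name` leaves the hard-coded `mlpipeline-minio-artifact` name without a chart-managed Secret; a comment covering that case would help. Credentials supplied this way also sit in plain text in the values, which is worth stating where the values are documented.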
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.extAuth.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.extAuth.yaml new file mode 100644 index 00000000..bcc63bb0 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.extAuth.yaml @@ -0,0 +1,27 @@ +{{- if and + (include "kubeflow.pipelines.ui.createIstioIntegrationObjects" . | eq "true") + (include "kubeflow.istioIntegration.authorizationMode.granular" . | eq "true") +-}} + +# NOTE: this AuthorizationPolicy forces traffic through ext authz http extension +# so we don't have to provide configuration to allow traffic only from +# istio-ingressgateway. + +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + labels: + {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.ui.authorizationPolicyExtAuthName" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + action: CUSTOM + provider: + name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }} + rules: + - {} + selector: + matchLabels: + {{- include "kubeflow.pipelines.ui.selectorLabels" . | nindent 6 }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.yaml new file mode 100644 index 00000000..657bd8f6 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.yaml 
@@ -0,0 +1,30 @@ +{{- if (include "kubeflow.pipelines.ui.createIstioIntegrationObjects" .) -}} + +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + labels: + {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.ui.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selector: + matchLabels: + {{- include "kubeflow.pipelines.ui.selectorLabels" . | nindent 6 }} + rules: + # Allow all requests from the ingress gateway + - from: + - source: + principals: + - {{ include "kubeflow.istioIntegration.istioIngressGateway.serviceAccountPrincipal" . }} + # Allow all requests with an `authorization` header but NOT a `kubeflow-userid` header. + # This is needed to allow Kubernetes JWTs to be passed to the KFP API. + - when: + - key: request.headers[authorization] + values: + - "*" + - key: request.headers[kubeflow-userid] + notValues: + - "*" + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/configmap.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/configmap.yaml new file mode 100644 index 00000000..89045e5d --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/configmap.yaml @@ -0,0 +1,18 @@ +{{- if (include "kubeflow.pipelines.ui.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.ui.configMapName" . }} + namespace: {{ include "kubeflow.namespace" . }} +data: + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "{{ .Values.pipelines.ui.config.viewerPodServiceAccountName }}" + } + } + +{{- end }} \ No newline at end of file 
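Review bot: The second rule in ui/authorizationpolicy.yaml has no `from` clause, so any workload that can reach the UI pods is allowed as long as it sends some `authorization` header and omits `kubeflow-userid`. The `"*"` match only tests that the header is present, not that it carries a valid token, so validation is left entirely to the workload behind the policy. The comment mentions the KFP API while the selector targets the UI pods, which is worth confirming as intended. I would at least extend the comment with `# NOTE: the header value is not verified by Istio here; the selected workload must validate the token itself`, and narrow the rule with a `from` source if the set of callers is known.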
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/deployment.yaml new file mode 100644 index 00000000..e5c180d7 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/deployment.yaml 
@@ -0,0 +1,147 @@ +{{- if (include "kubeflow.pipelines.ui.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.pipelines.ui.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.pipelines.ui.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.ui.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.pipelines.ui.selectorLabels" . | nindent 6 }} + + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + {{- include "kubeflow.pipelines.ui.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: ml-pipeline-ui + image: {{ include "kubeflow.pipelines.ui.image" . }} + imagePullPolicy: {{ include "kubeflow.pipelines.ui.imagePullPolicy" . }} + + env: + {{- include "kubeflow.pipelines.ui.config.objectStore.host.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.ui.config.objectStore.accessKey.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.ui.config.objectStore.secretAccessKey.env.spec" . | nindent 8 }} + + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: {{ .Values.pipelines.ui.config.allowCustomVisualizations | quote }} + + {{- if (include "kubeflow.deploymentMode.cluster" .) 
}} + - name: DEPLOYMENT + value: KUBEFLOW + - name: ARTIFACTS_SERVICE_PROXY_NAME + value: ml-pipeline-ui-artifact + - name: ARTIFACTS_SERVICE_PROXY_PORT + value: '80' + - name: ARTIFACTS_SERVICE_PROXY_ENABLED + value: 'true' + - name: ENABLE_AUTHZ + value: 'true' + - name: KUBEFLOW_USERID_HEADER + value: {{ .Values.auth.userHeaderName | quote }} + - name: KUBEFLOW_USERID_PREFIX + value: {{ .Values.auth.userIdPrefix | quote }} + - name: DISABLE_GKE_METADATA # https://github.com/kubeflow/pipelines/issues/11247 + value: 'true' + - name: FRONTEND_SERVER_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + + ports: + - containerPort: 3000 + + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + + {{- with .Values.pipelines.ui.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.pipelines.ui.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + + volumes: + - name: config-volume + configMap: + name: {{ include "kubeflow.pipelines.ui.configMapName" . }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: ml-pipeline-ui + + {{- with include "kubeflow.pipelines.ui.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.ui.tolerations" . }} + tolerations: + {{- . 
| nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.ui.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.ui.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/destinationrule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/destinationrule.yaml new file mode 100644 index 00000000..7b327f63 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/destinationrule.yaml @@ -0,0 +1,16 @@ +{{- if (include "kubeflow.pipelines.ui.createIstioIntegrationObjects" .) -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + labels: + {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.ui.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + host: {{ include "kubeflow.pipelines.ui.svc.fqdn" . }} + trafficPolicy: + tls: + mode: ISTIO_MUTUAL + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/role-or-clusterrole.yaml new file mode 100644 index 00000000..785a8414 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/role-or-clusterrole.yaml 
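Review bot: `serviceAccountName: ml-pipeline-ui` is hard-coded in ui/deployment.yaml, while ui/sa.yaml and ui/rolebinding-or-clusterrolebinding.yaml both take the name from `include "kubeflow.pipelines.ui.serviceAccountName" .`. If that helper resolves to anything else, the pod runs under an account the chart neither creates nor binds to the UI role. Use `serviceAccountName: {{ include "kubeflow.pipelines.ui.serviceAccountName" . }}`, as the viewer-crd, visualization and profile-controller Deployments in this diff already do.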
@@ -0,0 +1,49 @@ +{{- if (include "kubeflow.pipelines.ui.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }} +metadata: + labels: + {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.ui.roleName" . }} + namespace: {{ include "kubeflow.namespace" . }} +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - "kubeflow.org" + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - "argoproj.io" + resources: + - workflows + verbs: + - get + - list + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/rolebinding-or-clusterrolebinding.yaml new file mode 100644 index 00000000..3c9e282a --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/rolebinding-or-clusterrolebinding.yaml 
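Review bot: The `secrets` rule in ui/role-or-clusterrole.yaml grants `get` and `list` with no `resourceNames`, and the object kind comes from `kubeflow.deploymentMode.scopedRoleKind`. In the mode where that renders a ClusterRole (presumably cluster mode, going by the file name), the UI service account can read every Secret in the cluster. If the UI only needs specific secrets, drop `list` (it cannot be limited by `resourceNames`) and pin `get` to those names. Otherwise add a comment above the rule stating which secrets the UI reads and why the wider grant is needed, e.g. `# secrets get/list: TODO document which Secrets the UI reads; cluster-wide when rendered as ClusterRole`.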
@@ -0,0 +1,19 @@ +{{- if (include "kubeflow.pipelines.ui.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ include "kubeflow.deploymentMode.scopedRoleBindingKind" . }} +metadata: + labels: + {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.ui.roleBindingName" . }} + namespace: {{ include "kubeflow.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }} + name: {{ include "kubeflow.pipelines.ui.roleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.pipelines.ui.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/sa.yaml new file mode 100644 index 00000000..6d161b5e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/sa.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.pipelines.ui.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.pipelines.ui.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.ui.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/service.yaml new file mode 100644 index 00000000..52246914 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/service.yaml 
@@ -0,0 +1,25 @@ +{{- if (include "kubeflow.pipelines.ui.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.pipelines.ui.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.ui.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - name: http + protocol: TCP + port: 80 + targetPort: 3000 + selector: + {{- include "kubeflow.pipelines.ui.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.pipelines.ui.service.type }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/virtualservice.yaml new file mode 100644 index 00000000..c6d68a63 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/virtualservice.yaml @@ -0,0 +1,28 @@ +{{- if (include "kubeflow.pipelines.ui.createIstioIntegrationObjects" .) -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.ui.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + gateways: + - {{ .Values.istioIntegration.gateway.name }} + hosts: + - '*' + http: + - match: + - uri: + prefix: {{ .Values.pipelines.ui.config.urlPrefix }} + rewrite: + uri: {{ .Values.pipelines.ui.config.urlPrefix }} + route: + - destination: + host: {{ include "kubeflow.pipelines.ui.svc.fqdn" . }} + port: + number: 80 + timeout: 300s + +{{- end }} \ No newline at end of file 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/deployment.yaml new file mode 100644 index 00000000..733b6186 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/deployment.yaml 
@@ -0,0 +1,85 @@ +{{- if (include "kubeflow.pipelines.viewerCrd.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.pipelines.viewerCrd.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.pipelines.viewerCrd.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.pipelines.viewerCrd.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.viewerCrd.name" . }} + namespace: {{ include "kubeflow.namespace" . }} + +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.pipelines.viewerCrd.selectorLabels" . | nindent 6 }} + + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + {{- include "kubeflow.pipelines.viewerCrd.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: ml-pipeline-viewer-crd + image: {{ include "kubeflow.pipelines.viewerCrd.image" . }} + imagePullPolicy: {{ include "kubeflow.pipelines.viewerCrd.imagePullPolicy" . }} + + env: + - name: MAX_NUM_VIEWERS + value: {{ .Values.pipelines.viewerCrd.config.maxNumViewers | quote }} + - name: NAMESPACE + {{- if (include "kubeflow.deploymentMode.namespace" .) }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- else }} + value: "" + {{- end }} + + {{- with .Values.pipelines.viewerCrd.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.pipelines.viewerCrd.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.pipelines.viewerCrd.serviceAccountName" . }} + + {{- with include "kubeflow.pipelines.viewerCrd.nodeSelector" . }} + nodeSelector: + {{- . 
| nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.viewerCrd.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.viewerCrd.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.viewerCrd.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end -}} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/role-or-clusterrole.yaml new file mode 100644 index 00000000..a2c46c56 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/role-or-clusterrole.yaml @@ -0,0 +1,38 @@ +{{- if (include "kubeflow.pipelines.viewerCrd.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }} +metadata: + labels: + {{- include "kubeflow.pipelines.viewerCrd.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.viewerCrd.roleName" . }} + namespace: {{ include "kubeflow.namespace" . }} +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + - viewers/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/rolebinding-or-clusterrolebinding.yaml new file mode 100644 index 00000000..4874a4d0 --- /dev/null 
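Review bot: The first rule in viewer-crd/role-or-clusterrole.yaml uses `apiGroups: ['*']` for `deployments` and `services`, which grants all seven write and read verbs on those resource names in every API group, including any added later. Naming the groups limits the grant to what the controller manages: split it into one rule with `apiGroups: ["apps"]` for `deployments` and one with `apiGroups: [""]` for `services`. Because the kind comes from `kubeflow.deploymentMode.scopedRoleKind`, this presumably applies cluster-wide in cluster mode, which makes the narrower groups more worthwhile.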
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/rolebinding-or-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if (include "kubeflow.pipelines.viewerCrd.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ include "kubeflow.deploymentMode.scopedRoleBindingKind" . }} +metadata: + labels: + {{- include "kubeflow.pipelines.viewerCrd.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.viewerCrd.roleBindingName" . }} + namespace: {{ include "kubeflow.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }} + name: {{ include "kubeflow.pipelines.viewerCrd.roleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.pipelines.viewerCrd.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/sa.yaml new file mode 100644 index 00000000..5d69675c --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/sa.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.pipelines.viewerCrd.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.pipelines.viewerCrd.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.viewerCrd.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.viewerCrd.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/authorizationpolicy.yaml new file mode 100644 index 00000000..c7ee24c0 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/authorizationpolicy.yaml @@ -0,0 +1,25 @@ +{{- if (include "kubeflow.pipelines.visualization.createIstioIntegrationObjects" .) -}} + +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + labels: + {{- include "kubeflow.pipelines.visualization.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.visualization.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selector: + matchLabels: + {{- include "kubeflow.pipelines.visualization.selectorLabels" . | nindent 6 }} + rules: + - from: + - source: + principals: + - {{ include "kubeflow.pipelines.mlPipeline.serviceAccountPrincipal" . }} + - {{ include "kubeflow.pipelines.ui.serviceAccountPrincipal" . }} + - {{ include "kubeflow.pipelines.persistenceAgent.serviceAccountPrincipal" . }} + - {{ include "kubeflow.pipelines.scheduledWorkflow.serviceAccountPrincipal" . }} + - {{ include "kubeflow.pipelines.viewerCrd.serviceAccountPrincipal" . }} + - {{ include "kubeflow.pipelines.cache.serviceAccountPrincipal" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/deployment.yaml new file mode 100644 index 00000000..f06c7c38 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/deployment.yaml 
@@ -0,0 +1,101 @@ +{{- if (include "kubeflow.pipelines.visualization.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.pipelines.visualization.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.pipelines.visualization.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.pipelines.visualization.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.visualization.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.pipelines.visualization.selectorLabels" . | nindent 6 }} + + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + {{- include "kubeflow.pipelines.visualization.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: ml-pipeline-visualizationserver + image: {{ include "kubeflow.pipelines.visualization.image" . }} + imagePullPolicy: {{ include "kubeflow.pipelines.visualization.imagePullPolicy" . }} + + ports: + - name: http + containerPort: 8888 + + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + + {{- with .Values.pipelines.visualization.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.pipelines.visualization.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.pipelines.visualization.serviceAccountName" . }} + + {{- with include "kubeflow.pipelines.visualization.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.visualization.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.visualization.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.visualization.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/destinationrule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/destinationrule.yaml new file mode 100644 index 00000000..8f441820 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/destinationrule.yaml @@ -0,0 +1,16 @@ +{{- if (include "kubeflow.pipelines.visualization.createIstioIntegrationObjects" .) -}} + +apiVersion: "networking.istio.io/v1alpha3" +kind: DestinationRule +metadata: + labels: + {{- include "kubeflow.pipelines.visualization.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.visualization.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + host: {{ include "kubeflow.pipelines.visualization.svc.fqdn" . }} + trafficPolicy: + tls: + mode: ISTIO_MUTUAL + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/sa.yaml new file mode 100644 index 00000000..31d59b68 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/sa.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kubeflow.pipelines.visualization.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.pipelines.visualization.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.visualization.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.visualization.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/service.yaml new file mode 100644 index 00000000..ec491e8d --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/service.yaml @@ -0,0 +1,25 @@ +{{- if (include "kubeflow.pipelines.visualization.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.pipelines.visualization.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.pipelines.visualization.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.visualization.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + {{- include "kubeflow.pipelines.visualization.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.pipelines.visualization.service.type }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/configmap.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/configmap.yaml new file mode 100644 index 00000000..a7d27570 --- /dev/null 
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/configmap.yaml @@ -0,0 +1,14 @@ +{{- if (include "kubeflow.pipelines.profileController.enabled" .) -}} + +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "kubeflow.pipelines.profileController.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.profileController.configMapName" . }} + namespace: {{ include "kubeflow.namespace" . }} +data: + sync.py: | + {{- .Files.Get "files/pipelines-profile-controller/sync.py" | nindent 4 }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/decorator-controller.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/decorator-controller.yaml new file mode 100644 index 00000000..921aa8ef --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/decorator-controller.yaml 
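Review bot: The guard in profile-controller/configmap.yaml is `{{- if (include "kubeflow.pipelines.profileController.enabled" .) -}}`, while the decorator-controller, deployment and service templates for the same component compare the result with `| eq "true"`. `include` returns a string and any non-empty string is truthy, so if the helper emits `false` this ConfigMap is still rendered when the component is disabled. Use `{{- if (include "kubeflow.pipelines.profileController.enabled" . | eq "true") -}}`. The same bare form is used for `kubeflow.pipelines.ui.createIstioIntegrationObjects` in ui/authorizationpolicy.yaml, ui/destinationrule.yaml and ui/virtualservice.yaml, although authorizationpolicy.extAuth.yaml compares it with `"true"`. The helper definitions are not in this part of the diff, so confirm what they return before aligning them.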
@@ -0,0 +1,50 @@ +{{- if (include "kubeflow.pipelines.profileController.enabled" . | eq "true") -}} + +# Change resyncPeriodSeconds to 1 hour from insane 20 seconds +# Only sync namespaces with pipelines.kubeflow.org/enabled = "true" +apiVersion: metacontroller.k8s.io/v1alpha1 +kind: DecoratorController +metadata: + labels: + {{- include "kubeflow.pipelines.profileController.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.profileController.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + resyncPeriodSeconds: 3600 + resources: + - apiVersion: v1 + resource: namespaces + labelSelector: + matchLabels: + pipelines.kubeflow.org/enabled: "true" + attachments: + - apiVersion: v1 + resource: secrets + updateStrategy: + method: OnDelete + - apiVersion: v1 + resource: configmaps + updateStrategy: + method: OnDelete + - apiVersion: apps/v1 + resource: deployments + updateStrategy: + method: InPlace + - apiVersion: v1 + resource: services + updateStrategy: + method: InPlace + - apiVersion: networking.istio.io/v1alpha3 + resource: destinationrules + updateStrategy: + method: InPlace + - apiVersion: security.istio.io/v1beta1 + resource: authorizationpolicies + updateStrategy: + method: InPlace + hooks: + sync: + webhook: + url: {{ printf "http://%s/sync" (include "kubeflow.pipelines.profileController.svc.fqdn" .) }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/deployment.yaml new file mode 100644 index 00000000..bd0bc517 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/deployment.yaml 
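Review bot: The sync hook URL in decorator-controller.yaml is built with `http://`, and the `attachments` list includes `secrets`, so hook responses presumably carry Secret contents in clear text unless the mesh enforces mTLS on that path. No AuthorizationPolicy for the profile-controller Service is visible in this part of the diff, so it is unclear what limits who may call `/sync`. I would state the assumption in a comment above `hooks:`, e.g. `# plain HTTP: relies on mesh mTLS and a policy limiting callers to metacontroller`, and confirm that such a policy exists elsewhere in the chart.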
@@ -0,0 +1,119 @@ +{{- if (include "kubeflow.pipelines.profileController.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.pipelines.profileController.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.pipelines.profileController.autoscaling.minReplicas" . -}} + +{{- $visualizationImageSplit := include "kubeflow.pipelines.visualization.image" . | split ":" -}} +{{- $visualizationImageName := $visualizationImageSplit._0 }} +{{- $visualizationImageTag := $visualizationImageSplit._1 }} + +{{- $frontendImageSplit := include "kubeflow.pipelines.ui.image" . | split ":" -}} +{{- $frontendImageName := $frontendImageSplit._0 }} +{{- $frontendImageTag := $frontendImageSplit._1 }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.pipelines.profileController.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.profileController.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.pipelines.profileController.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.pipelines.profileController.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: profile-controller + image: {{ include "kubeflow.pipelines.profileController.image" . }} + imagePullPolicy: {{ include "kubeflow.pipelines.profileController.imagePullPolicy" . }} + + command: ["python", "/hooks/sync.py"] + + env: + {{- include "kubeflow.pipelines.profileController.config.objectStore.host.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.profileController.config.objectStore.accessKey.env.spec" . | nindent 8 }} + {{- include "kubeflow.pipelines.profileController.config.objectStore.secretAccessKey.env.spec" . 
| nindent 8 }} + + - name: DISABLE_ISTIO_SIDECAR + value: {{ .Values.pipelines.profileController.config.disableIstioSidecar | quote }} + - name: KFP_VERSION + value: {{ .Values.pipelines.defaults.image.tag | quote }} + - name: KFP_DEFAULT_PIPELINE_ROOT + value: {{ .Values.pipelines.config.defaultPipelineRoot | quote }} + - name: CONTROLLER_PORT + value: "8080" + - name: VISUALIZATION_SERVER_IMAGE + value: {{ $visualizationImageName }} + - name: VISUALIZATION_SERVER_TAG + value: {{ $visualizationImageTag | quote }} + - name: FRONTEND_IMAGE + value: {{ $frontendImageName }} + - name: FRONTEND_TAG + value: {{ $frontendImageTag | quote }} + - name: METADATA_GRPC_SERVICE_HOST + value: {{ include "kubeflow.pipelines.metadataGrpcServer.svc.addressWithNs" . }} + - name: METADATA_GRPC_SERVICE_PORT + value: {{ .Values.pipelines.metadataGrpcServer.service.port | quote }} + - name: ML_PIPELINE_SA_PRINCIPAL + value: {{ include "kubeflow.pipelines.mlPipeline.serviceAccountPrincipal" . }} + + {{- with .Values.pipelines.profileController.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.pipelines.profileController.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + volumeMounts: + - name: hooks + mountPath: /hooks + ports: + - containerPort: 8080 + + volumes: + - name: hooks + configMap: + name: {{ include "kubeflow.pipelines.profileController.configMapName" . }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.pipelines.profileController.serviceAccountName" . }} + + {{- with include "kubeflow.pipelines.profileController.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.profileController.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.profileController.affinity" . 
}} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.pipelines.profileController.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/service.yaml new file mode 100644 index 00000000..15661b6a --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/service.yaml @@ -0,0 +1,21 @@ +{{- if (include "kubeflow.pipelines.profileController.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "kubeflow.pipelines.profileController.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.profileController.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + selector: + {{- include "kubeflow.pipelines.profileController.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.pipelines.profileController.service.type }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrole.cache-deployer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrole.cache-deployer.yaml new file mode 100644 index 00000000..1a9cb96c --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrole.cache-deployer.yaml 
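Review bot: The `split ":"` at the top of profile-controller/deployment.yaml takes `_0` as the image name and `_1` as the tag, which gives wrong results for a registry with a port (`host:5000/repo:tag`, a constructed example) and for digest-pinned references (`repo@sha256:…`). In those cases `VISUALIZATION_SERVER_IMAGE`, `FRONTEND_IMAGE` and their `_TAG` variables receive truncated values, so whatever consumes them would pull a different reference than the one configured, and digest pinning cannot be used at all. Taking repository and tag from separate values, or splitting only on the last colon after the final `/`, avoids this. The two image-name lines should also be quoted like the tag lines, e.g. `value: {{ $frontendImageName | quote }}`.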
@@ -0,0 +1,45 @@ +{{/* +Cache Deployer is currently not supported +*/}} + +{{/* +{{- if (include "kubeflow.pipelines.cache.enabled" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-clusterrole + name: {{ include "kubeflow.pipelines.rbac.cacheDeployer.clusterRoleName" . }} +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch +- apiGroups: + - certificates.k8s.io + resources: + - signers + resourceNames: + - kubernetes.io/* + verbs: + - approve + +{{- end }} +*/}} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrolebinding.cache-deployer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrolebinding.cache-deployer.yaml new file mode 100644 index 00000000..9e901a19 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrolebinding.cache-deployer.yaml @@ -0,0 +1,24 @@ +{{/* +Cache Deployer is currently not supported +*/}} + +{{/* +{{- if (include "kubeflow.pipelines.cache.enabled" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kubeflow.pipelines.labels" . | nindent 4 }} + name: {{ include "kubeflow.pipelines.rbac.cacheDeployer.clusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.pipelines.rbac.cacheDeployer.clusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.pipelines.rbac.cacheDeployer.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} +*/}} 
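Review bot: The commented-out ClusterRole in clusterrole.cache-deployer.yaml still carries `approve` on `signers` with `resourceNames: kubernetes.io/*`, plus create/patch on `mutatingwebhookconfigurations`. Anyone who later removes the `{{/* … */}}` wrapper re-enables cluster-wide CSR approval and webhook mutation without a review prompt. I would either drop the dead template (the same applies to the binding and ServiceAccount files for the cache deployer) or extend the first comment block to say `Do not enable as-is: grants CSR approval for every kubernetes.io signer and cluster-wide webhook mutation; scope resourceNames first.`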
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.cache-deployer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.cache-deployer.yaml
new file mode 100644
index 00000000..946fa49e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.cache-deployer.yaml
@@ -0,0 +1,17 @@
+{{/*
+Cache Deployer is currently not supported
+*/}}
+
+{{/*
+{{- if (include "kubeflow.pipelines.cache.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "kubeflow.pipelines.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.pipelines.rbac.cacheDeployer.serviceAccountName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
+*/}}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.yaml
new file mode 100644
index 00000000..f8cdfe4e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: default-editor
+ namespace: {{ include "kubeflow.namespace" . }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/authorizationpolicy.yaml
new file mode 100644
index 00000000..be47b75d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/authorizationpolicy.yaml
@@ -0,0 +1,25 @@ +{{- if (include "kubeflow.profilesController.createIstioIntegrationObjects" . | eq "true") -}} + +{{ $namespace := include "kubeflow.namespace" . }} +{{ $centraldashboardSaName := include "kubeflow.centraldashboard.serviceAccountName" . }} + +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + labels: + {{- include "kubeflow.profilesController.labels" . | nindent 4 }} + name: {{ include "kubeflow.profilesController.kfam.name" . }} + namespace: {{ $namespace }} +spec: + action: ALLOW + rules: + - from: + - source: + principals: + # TODO: change me + - cluster.local/ns/{{ $namespace }}/sa/{{ $centraldashboardSaName }} + selector: + matchLabels: + {{- include "kubeflow.profilesController.selectorLabels" . | nindent 6 }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/configmap.namespace-labels.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/configmap.namespace-labels.yaml new file mode 100644 index 00000000..bfdae81e --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/configmap.namespace-labels.yaml @@ -0,0 +1,20 @@ +{{- if (include "kubeflow.profilesController.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "kubeflow.profilesController.labels" . | nindent 4 }} + name: {{ include "kubeflow.profilesController.namespaceLabelsConfigMapName" . }} + namespace: {{ include "kubeflow.namespace" . }} +data: + namespace-labels.yaml: | + {{- with .Values.profilesController.config.defaultNamespaceLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + + {{- with .Values.profilesController.config.extraNamespaceLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + +{{- end }} 
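Review bot: The only allowed principal in the kfam AuthorizationPolicy is assembled by hand as `cluster.local/ns/{{ $namespace }}/sa/{{ $centraldashboardSaName }}` and still sits under an unresolved `# TODO: change me`. The trust domain is therefore fixed to `cluster.local`. On a mesh with a different trust domain this ALLOW policy would match no caller; that fails closed, but central dashboard access to kfam would break without any error at install time. Other templates in this commit take principals from helpers such as `kubeflow.pipelines.ui.serviceAccountPrincipal`. I would add or reuse an equivalent helper for the central dashboard (none is visible in this part of the diff) and replace the TODO with a comment stating which callers are meant to reach kfam.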
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/deployment.yaml
new file mode 100644
index 00000000..7d9938f5
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/deployment.yaml
@@ -0,0 +1,134 @@ +{{- if (include "kubeflow.profilesController.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.profilesController.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.profilesController.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.profilesController.labels" . | nindent 4 }} + name: {{ include "kubeflow.profilesController.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.profilesController.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.profilesController.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: manager + image: {{ include "kubeflow.profilesController.manager.image" . }} + imagePullPolicy: {{ include "kubeflow.profilesController.manager.imagePullPolicy" . }} + + command: + - /manager + - "-userid-header" + - {{ .Values.auth.userHeaderName | quote }} + - "-userid-prefix" + - {{ default "" .Values.auth.userIdPrefix | quote }} + - "-workload-identity" + - {{ default "" .Values.profilesController.config.workloadIdentity | quote }} + + env: + - name: ADMIN + value: {{ default "" .Values.profilesController.config.admin | quote }} + - name: WORKLOAD_IDENTITY + value: {{ default "" .Values.profilesController.config.workloadIdentity | quote }} + - name: USERID_HEADER + value: {{ .Values.auth.userHeaderName | quote }} + - name: USERID_PREFIX + value: {{ default "" .Values.auth.userIdPrefix | quote }} + - name: NOTEBOOK_CONTROLLER_PRINCIPAL + value: {{ include "kubeflow.notebooks.controller.serviceAccountPrincipal" . }} + - name: KFP_UI_PRINCIPAL + value: {{ include "kubeflow.pipelines.ui.serviceAccountPrincipal" . }} + {{- if (include "kubeflow.istioIntegration.enabled" . 
) }} + - name: ISTIO_INGRESS_GATEWAY_PRINCIPAL + value: {{ include "kubeflow.istioIntegration.istioIngressGateway.serviceAccountPrincipal" . }} + {{- end }} + + livenessProbe: + httpGet: + path: /healthz + port: 9876 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 9876 + initialDelaySeconds: 5 + periodSeconds: 10 + ports: + - containerPort: 9876 + + volumeMounts: + - mountPath: /etc/profile-controller + name: namespace-labels + readOnly: true + + - name: kfam + image: {{ include "kubeflow.profilesController.kfam.image" . }} + imagePullPolicy: {{ include "kubeflow.profilesController.kfam.imagePullPolicy" . }} + + command: + - /access-management + - "-cluster-admin" + - {{ default "" .Values.profilesController.config.admin | quote }} + - "-userid-header" + - {{ .Values.auth.userHeaderName | quote }} + - "-userid-prefix" + - {{ default "" .Values.auth.userIdPrefix | quote }} + + env: + - name: ADMIN + value: {{ default "" .Values.profilesController.config.admin | quote }} + - name: WORKLOAD_IDENTITY + value: {{ default "" .Values.profilesController.config.workloadIdentity | quote }} + - name: USERID_HEADER + value: {{ .Values.auth.userHeaderName | quote }} + - name: USERID_PREFIX + value: {{ default "" .Values.auth.userIdPrefix | quote }} + - name: NOTEBOOK_CONTROLLER_PRINCIPAL + value: {{ include "kubeflow.notebooks.controller.serviceAccountPrincipal" . }} + - name: KFP_UI_PRINCIPAL + value: {{ include "kubeflow.pipelines.ui.serviceAccountPrincipal" . }} + {{- if (include "kubeflow.istioIntegration.enabled" . ) }} + - name: ISTIO_INGRESS_GATEWAY_PRINCIPAL + value: {{ include "kubeflow.istioIntegration.istioIngressGateway.serviceAccountPrincipal" . }} + {{- end }} + + livenessProbe: + httpGet: + path: /metrics + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 30 + ports: + - containerPort: 8081 + name: kfam-http + protocol: TCP + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.profilesController.serviceAccountName" . }} + + volumes: + - name: namespace-labels + configMap: + name: {{ include "kubeflow.profilesController.namespaceLabelsConfigMapName" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/clusterrolebinding.main.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/clusterrolebinding.main.yaml new file mode 100644 index 00000000..3d6cf5b3 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/clusterrolebinding.main.yaml @@ -0,0 +1,18 @@ +{{- if (include "kubeflow.profilesController.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.profilesController.mainClusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.profilesController.mainClusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.profilesController.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_editor_role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_editor_role.yaml new file mode 100644 index 00000000..212436ab --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_editor_role.yaml 
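Review bot: Both `env` lists in the profiles-controller Deployment (manager and kfam) guard `ISTIO_INGRESS_GATEWAY_PRINCIPAL` with `{{- if (include "kubeflow.istioIntegration.enabled" . ) }}`, which tests the helper's output for non-emptiness rather than comparing it. If that helper returns the strings "true"/"false" like the other `*.enabled` helpers used in this commit, the branch is taken even when Istio integration is off. The guard should read `{{- if (include "kubeflow.istioIntegration.enabled" . | eq "true") }}` in both places. Separately, neither container renders a `securityContext` or `resources` block, while the pipelines profile-controller and tensorboard controller templates in this commit do; for a controller that manages namespaces and role bindings, a container securityContext hook would be worth adding.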
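Review bot: The ClusterRoleBinding in profiles-controller/rbac/clusterrolebinding.main.yaml takes its labels from `kubeflow.notebooks.controller.labels`, which looks like a copy-paste slip. `{{- include "kubeflow.profilesController.labels" . | nindent 4 }}` would match the other profiles-controller objects, and the same substitution applies to role.leader-election.yaml and rolebinding.leader-election.yaml. The binding also points at whatever `kubeflow.profilesController.mainClusterRoleName` resolves to, and no template in this part of the diff creates that ClusterRole (rbac/role.yaml is fully commented out). A short comment above `roleRef` naming the intended role and why it is needed would make the granted privilege reviewable.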
@@ -0,0 +1,29 @@ +{{/* +# Permissions for end users to edit profiles. +# Currently not used anywhere. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: profile-editor-role +rules: +- apiGroups: + - kubeflow.org + resources: + - profiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubeflow.org + resources: + - profiles/status + verbs: + - get + +*/}} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_viewer_role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_viewer_role.yaml new file mode 100644 index 00000000..b17525f1 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_viewer_role.yaml @@ -0,0 +1,25 @@ +{{/* +# Permissions for end users to view profiles. +# Currently not used anywhere. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: profile-viewer-role +rules: +- apiGroups: + - kubeflow.org + resources: + - profiles + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - profiles/status + verbs: + - get + +*/}} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.leader-election.yaml new file mode 100644 index 00000000..414708b7 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.leader-election.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kubeflow.profilesController.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.profilesController.leaderElectionRoleName" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.yaml new file mode 100644 index 00000000..4486c8eb --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.yaml @@ -0,0 +1,44 @@ +{{/* +# This role is defined in kubeflow/manifests but it seems it's not used anywhere. +# https://github.com/kubeflow/manifests/blob/6cb9ff2fa2b25755eca5ce41c03d125aa8c8653b/apps/profiles/upstream/rbac/role.yaml + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: manager-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - '*' +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - profiles + - profiles/finalizers + - profiles/status + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - authorizationpolicies + verbs: + - '*' + +*/}} \ No newline at end of file 
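Review bot: The profiles-controller leader-election Role has no `metadata.namespace`, and neither does its RoleBinding in rolebinding.leader-election.yaml, so both land in the release namespace. The bound ServiceAccount is placed in `{{ include "kubeflow.namespace" . }}`, and the tensorboard equivalents in this commit set the namespace explicitly. If the two namespaces ever differ, the controller gets configmap write access in the wrong namespace and none where it actually runs. I would add `namespace: {{ include "kubeflow.namespace" . }}` under `metadata` in both files. The `configmaps/status` rule can likely be dropped as well, since ConfigMaps expose no status subresource as far as I know.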
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/rolebinding.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/rolebinding.leader-election.yaml
new file mode 100644
index 00000000..99e2d3a0
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/rolebinding.leader-election.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.profilesController.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.profilesController.leaderElectionRoleBindingName" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "kubeflow.profilesController.leaderElectionRoleName" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "kubeflow.profilesController.serviceAccountName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/serviceaccount.yaml
new file mode 100644
index 00000000..9dac3682
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.profilesController.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- with .Values.profilesController.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ labels:
+ {{- include "kubeflow.profilesController.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.profilesController.serviceAccountName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/service.yaml
new file mode 100644
index 00000000..077cf38d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/service.yaml
@@ -0,0 +1,22 @@
+{{- if (include "kubeflow.profilesController.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ {{- with .Values.profilesController.kfam.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "kubeflow.profilesController.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.profilesController.kfam.svc.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ ports:
+ - port: 8081
+ selector:
+ {{- include "kubeflow.profilesController.selectorLabels" . | nindent 4 }}
+ sessionAffinity: None
+ type: {{ .Values.profilesController.kfam.service.type }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/virtualservice.yaml
new file mode 100644
index 00000000..efaa7f77
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/virtualservice.yaml
@@ -0,0 +1,31 @@ +{{- if (include "kubeflow.profilesController.createIstioIntegrationObjects" . | eq "true") -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + {{- include "kubeflow.profilesController.labels" . | nindent 4 }} + name: {{ include "kubeflow.profilesController.kfam.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + gateways: + - {{ .Values.istioIntegration.gateway.name }} + hosts: + - '*' + http: + - match: + - uri: + prefix: {{ .Values.profilesController.kfam.config.urlPrefix }}/ + rewrite: + uri: {{ .Values.profilesController.kfam.config.urlPrefix }}/ + route: + - destination: + host: {{ include "kubeflow.profilesController.kfam.svc.fqdn" . }} + port: + number: 8081 + headers: + request: + add: + x-forwarded-prefix: {{ .Values.profilesController.kfam.config.urlPrefix }} + +{{- end }} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/deployment.yaml new file mode 100644 index 00000000..f8ec3f27 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/deployment.yaml 
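Review bot: This VirtualService routes `{{ .Values.profilesController.kfam.config.urlPrefix }}/` to kfam on `hosts: '*'` through the shared gateway, yet the AuthorizationPolicy added for the same pods in this commit allows only the centraldashboard service-account principal. Either requests arriving through the gateway are rejected and this route is dead, or another policy outside this diff admits them; the template does not say which is intended. kfam is started with `-userid-header`, so it presumably takes the caller's identity from that request header. If gateway traffic is meant to reach it, a comment above `http:` should state which component authenticates the request and overwrites that header. I would also quote the templated values, e.g. `prefix: {{ printf "%s/" .Values.profilesController.kfam.config.urlPrefix | quote }}`, so an unusual prefix cannot change the YAML structure.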
@@ -0,0 +1,139 @@ +{{- if (include "kubeflow.tensorboard.controller.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.tensorboard.controller.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.tensorboard.controller.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }} + control-plane: controller-manager + name: {{ include "kubeflow.tensorboard.controller.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.tensorboard.controller.selectorLabels" . | nindent 6 }} + control-plane: controller-manager + + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + {{- include "kubeflow.tensorboard.controller.selectorLabels" . | nindent 8 }} + control-plane: controller-manager + + spec: + containers: + - name: manager + image: {{ include "kubeflow.tensorboard.controller.manager.image" . }} + imagePullPolicy: {{ include "kubeflow.tensorboard.controller.manager.imagePullPolicy" . }} + + args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + command: + - /manager + + env: + - name: ISTIO_GATEWAY + value: {{ include "kubeflow.namespace" . }}/{{ .Values.istioIntegration.gateway.name }} + - name: ISTIO_HOST + value: "*" + - name: RWO_PVC_SCHEDULING + value: {{ .Values.tensorboard.controller.manager.config.rwoPvcScheduling | quote }} + - name: TENSORBOARD_IMAGE + value: {{ include "kubeflow.tensorboard.controller.manager.tensorboardImage" . }} + + {{- with .Values.tensorboard.controller.manager.resources }} + resources: + {{- toYaml . 
| nindent 10 }} + {{- end }} + + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + + {{- with include "kubeflow.tensorboard.controller.manager.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + - name: kube-rbac-proxy + image: {{ include "kubeflow.tensorboard.controller.kubeRbacProxy.image" . }} + imagePullPolicy: {{ include "kubeflow.tensorboard.controller.kubeRbacProxy.imagePullPolicy" . }} + + args: + - --secure-listen-address=0.0.0.0:{{ .Values.tensorboard.controller.kubeRbacProxy.service.targetPort }} + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + + ports: + - containerPort: {{ .Values.tensorboard.controller.kubeRbacProxy.service.targetPort }} + name: https + protocol: TCP + + {{- with .Values.tensorboard.controller.kubeRbacProxy.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- with include "kubeflow.tensorboard.controller.kubeRbacProxy.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.tensorboard.controller.serviceAccountName" . }} + + {{- with include "kubeflow.tensorboard.controller.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.tensorboard.controller.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.tensorboard.controller.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.tensorboard.controller.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.tensorboard.controller.terminationGracePeriodSeconds" . 
}} + terminationGracePeriodSeconds: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.tensorboard.controller.securityContext" . }} + securityContext: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.manager.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.manager.yaml new file mode 100644 index 00000000..dc50e605 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.manager.yaml @@ -0,0 +1,83 @@ +{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.controller.mainClusterRoleName" . }} +rules: +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - tensorboard.kubeflow.org + resources: + - tensorboards + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - tensorboard.kubeflow.org + resources: + - tensorboards/finalizers + verbs: + - update +- apiGroups: + - tensorboard.kubeflow.org + resources: + - tensorboards/status + verbs: + - get + - patch + - update + +{{- end }} 
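Review bot: In the tensorboard controller Deployment, `ISTIO_HOST` is hard-coded to `"*"` in the manager's `env`, while the gateway name next to it comes from values. Presumably the controller copies this into the `hosts` of every VirtualService it creates for a Tensorboard, so operators who serve Kubeflow on a single hostname cannot narrow it without patching the chart. I would expose it through a new values key with the current behaviour as the default, along the lines of `value: {{ .Values.tensorboard.controller.manager.config.istioHost | default "*" | quote }}`; that key name is a suggestion and does not exist in the chart today. `ISTIO_GATEWAY` and `TENSORBOARD_IMAGE` would also be safer with `| quote`, as already done for `RWO_PVC_SCHEDULING`.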
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.metrics-reader.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.metrics-reader.yaml new file mode 100644 index 00000000..17c6f0e2 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.metrics-reader.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.controller.metricsReaderClusterRoleName" . }} +rules: +- nonResourceURLs: + - /metrics + verbs: + - get + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.proxy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.proxy.yaml new file mode 100644 index 00000000..5f7c8129 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.proxy.yaml @@ -0,0 +1,23 @@ +{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.controller.proxyClusterRoleName" . }} +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.manager.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.manager.yaml new file mode 100644 index 00000000..beecb8ff --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.manager.yaml @@ -0,0 +1,18 @@ +{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.controller.mainClusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.tensorboard.controller.mainClusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.tensorboard.controller.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.proxy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.proxy.yaml new file mode 100644 index 00000000..936c02c4 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.proxy.yaml 
@@ -0,0 +1,18 @@ +{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.controller.proxyClusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.tensorboard.controller.proxyClusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.tensorboard.controller.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/role.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/role.leader-election.yaml new file mode 100644 index 00000000..006a90da --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/role.leader-election.yaml @@ -0,0 +1,43 @@ +{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.controller.leaderElectionRoleName" . }} + namespace: {{ include "kubeflow.namespace" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/rolebinding.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/rolebinding.leader-election.yaml new file mode 100644 index 00000000..bfeb64ab --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/rolebinding.leader-election.yaml @@ -0,0 +1,19 @@ +{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.controller.leaderElectionRoleBindingName" . }} + namespace: {{ include "kubeflow.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kubeflow.tensorboard.controller.leaderElectionRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.tensorboard.controller.serviceAccountName" .}} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/service.controller-manager-metrics-service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/service.controller-manager-metrics-service.yaml new file mode 100644 index 00000000..561d85d8 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/service.controller-manager-metrics-service.yaml 
@@ -0,0 +1,28 @@ +{{- if (include "kubeflow.tensorboard.controller.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.tensorboard.controller.kubeRbacProxy.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }} + control-plane: controller-manager + name: {{ include "kubeflow.tensorboard.controller.metricsService.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - name: https + # port: 8443 + port: {{ .Values.tensorboard.controller.kubeRbacProxy.service.port }} + protocol: TCP + targetPort: https + selector: + {{- include "kubeflow.tensorboard.controller.selectorLabels" . | nindent 4 }} + control-plane: controller-manager + sessionAffinity: None + type: {{ .Values.tensorboard.controller.kubeRbacProxy.service.type }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/serviceaccount.yaml new file mode 100644 index 00000000..26d97cb5 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.tensorboard.controller.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.tensorboard.controller.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} + labels: + {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.controller.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} 
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.extAuth.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.extAuth.yaml
new file mode 100644
index 00000000..47846b5d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.extAuth.yaml
@@ -0,0 +1,29 @@
+{{- if and
+ (include "kubeflow.tensorboard.tensorboardsWebApp.createIstioIntegrationObjects" . | eq "true")
+ (include "kubeflow.istioIntegration.authorizationMode.granular" . | eq "true")
+-}}
+
+# NOTE: this AuthorizationPolicy forces traffic through ext authz http extension
+# so we don't have to provide configuration to allow traffic only from
+# istio-ingressgateway. The .spec.rules.to.operations.notPaths is configured for
+# CloudFlare integration and allows only static, non-secret assets to be
+# accessible without the Istio Auth.
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.authorizationPolicyExtAuthName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ action: CUSTOM
+ provider:
+ name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+ rules:
+ - {}
+ selector:
+ matchLabels:
+ {{- include "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" . | nindent 6 }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.yaml
new file mode 100644
index 00000000..4df42532
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.yaml
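Review bot: The NOTE comment at the top of authorizationpolicy.extAuth.yaml describes a `.spec.rules.to.operations.notPaths` exemption for static assets, but the spec below it contains only `rules:` with a single empty rule `- {}`, which matches every request to the selected workload. As written nothing is exempted from the ext-authz provider, so the comment misleads anyone auditing which paths are reachable without authentication. Either drop the CloudFlare sentence and say what the policy does, e.g. `# NOTE: the single empty rule sends every request to this workload through the ext-authz provider.`, or add the `notPaths` rule if the exemption is really intended.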
@@ -0,0 +1,20 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ labels:
+ {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" . | nindent 6 }}
+ rules:
+ - from:
+ - source:
+ namespaces:
+ - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role-binding.yaml
new file mode 100644
index 00000000..8d27d69b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role-binding.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.rbac.createRoles" . | eq "true" ) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.mainClusterRoleBindingName" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.serviceAccountName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
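Review bot: The guard on the first line of authorizationpolicy.yaml, `{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.createIstioIntegrationObjects" .) -}}`, is missing the `| eq "true"` comparison that the extAuth policy, DestinationRule and VirtualService templates apply to the same helper. `include` returns a string and any non-empty string is truthy in a template `if`, so if the helper yields "false" (as the sibling comparisons suggest) this AuthorizationPolicy is still rendered when Istio integration is switched off. Change the line to `{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.createIstioIntegrationObjects" . | eq "true") -}}`. The helper is defined outside this hunk, so its return values are inferred from how the other templates use it.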
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role.yaml
new file mode 100644
index 00000000..54ab26fc
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role.yaml
@@ -0,0 +1,134 @@ +{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.rbac.createRoles" . | eq "true" ) -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.mainClusterRoleName" . }} +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - tensorboard.kubeflow.org + resources: + - tensorboards + - tensorboards/finalizers + verbs: + - get + - list + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - poddefaults + verbs: + - get + - list + - watch + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.kfTenUiAdminClusterRoleName" . }} +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.kfTenUiEditClusterRoleName" . 
}} +rules: +- apiGroups: + - tensorboard.kubeflow.org + resources: + - tensorboards + - tensorboards/finalizers + verbs: + - get + - list + - create + - delete +- apiGroups: + - kubeflow.org + resources: + - poddefaults + verbs: + - get + - list + - watch + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.kfTenUiViewClusterRoleName" . }} +rules: +- apiGroups: + - tensorboard.kubeflow.org + resources: + - tensorboards + - tensorboards/finalizers + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - poddefaults + verbs: + - get + - list + - watch + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/deployment.yaml new file mode 100644 index 00000000..690b5a3a --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/deployment.yaml 
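Review bot: The first ClusterRole in cluster-role.yaml grants `create` and `delete` on `persistentvolumeclaims` and on `tensorboards`, and cluster-role-binding.yaml binds it with a ClusterRoleBinding, so the web app's service account holds those verbs in every namespace, with no comment explaining why. The `subjectaccessreviews` `create` rule suggests the app checks the end user's own permissions before acting, but nothing in the template states that, and a reader auditing RBAC cannot tell the broad grant is deliberate. Add a comment above the PVC rule such as `# cluster-wide on purpose: the web app acts for users in any profile namespace and gates each call with a SubjectAccessReview (confirm against the app)`. It is also worth confirming that PVC `delete` is actually used by the tensorboards UI, since the edit and view roles in this file grant no PVC verbs at all.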
@@ -0,0 +1,84 @@ +{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" . | nindent 8 }} + + spec: + containers: + - name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.baseName" . }} + image: {{ include "kubeflow.tensorboard.tensorboardsWebApp.image" . }} + imagePullPolicy: {{ include "kubeflow.tensorboard.tensorboardsWebApp.imagePullPolicy" . }} + + ports: + - containerPort: {{ .Values.tensorboard.tensorboardsWebApp.service.targetPort }} + protocol: TCP + + {{- with .Values.tensorboard.tensorboardsWebApp.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + env: + - name: APP_PREFIX + value: {{ .Values.tensorboard.tensorboardsWebApp.config.urlPrefix }} + - name: USERID_HEADER + value: {{ .Values.auth.userHeaderName | quote }} + - name: USERID_PREFIX + value: {{ .Values.auth.userIdPrefix | quote }} + - name: APP_SECURE_COOKIES + value: {{ .Values.tensorboard.tensorboardsWebApp.config.secureCookies | quote }} + + {{- with include "kubeflow.tensorboard.tensorboardsWebApp.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.tensorboard.tensorboardsWebApp.serviceAccountName" . }} + + {{- with include "kubeflow.tensorboard.tensorboardsWebApp.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.tensorboard.tensorboardsWebApp.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.tensorboard.tensorboardsWebApp.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.tensorboard.tensorboardsWebApp.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/destination-rule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/destination-rule.yaml new file mode 100644 index 00000000..774da109 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/destination-rule.yaml @@ -0,0 +1,16 @@ +{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.createIstioIntegrationObjects" . | eq "true") -}} + +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + labels: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + host: {{ include "kubeflow.tensorboard.tensorboardsWebApp.svc.fqdn" . }} + trafficPolicy: + tls: + mode: ISTIO_MUTUAL + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/hpa.yaml new file mode 100644 index 00000000..49676b27 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/hpa.yaml 
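Review bot: In the tensorboards-web-app deployment.yaml the `APP_PREFIX` entry renders `value: {{ .Values.tensorboard.tensorboardsWebApp.config.urlPrefix }}` without `| quote`, while the three env values next to it are all quoted. An env `value` must be a string, so an empty prefix or one that YAML reads as another type renders as null or a non-string; use `value: {{ .Values.tensorboard.tensorboardsWebApp.config.urlPrefix | quote }}`. Separately, `USERID_HEADER` indicates the app takes the caller's identity from a request header, which is only trustworthy while the AuthorizationPolicy templates limit who can reach the pod; a comment on that env entry saying so would help whoever disables the Istio integration.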
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.enabled" . | eq "true") -}}
+
+{{- $componentName := include "kubeflow.tensorboard.tensorboardsWebApp.name" . -}}
+{{- $minReplicas := include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.minReplicas" . -}}
+{{- $maxReplicas := include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.maxReplicas" . -}}
+{{- $targetCPUUtilizationPercentage := include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.targetCPUUtilizationPercentage" . -}}
+{{- $targetMemoryUtilizationPercentage := include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.targetMemoryUtilizationPercentage" . -}}
+
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ labels:
+ {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+ name: {{ $componentName }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ $componentName }}
+ minReplicas: {{ $minReplicas }}
+ maxReplicas: {{ $maxReplicas }}
+ metrics:
+ {{- if $targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ $targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if $targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/poddisruptionbudget.yaml
new file mode 100644
index 00000000..34df185f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/poddisruptionbudget.yaml
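Review bot: The HorizontalPodAutoscaler in tensorboards-web-app/hpa.yaml is declared as `apiVersion: autoscaling/v2beta1`, which Kubernetes stopped serving in v1.25, so enabling autoscaling on a current cluster makes the release fail at install time. The same API version and the `targetAverageUtilization` field appear in training-operator/hpa.yaml, which needs the same change. Move both to `autoscaling/v2` and express each metric through a `target` block, as sketched below. The chart could alternatively pick the version from `.Capabilities.APIVersions` if older clusters must stay supported.

```yaml
apiVersion: autoscaling/v2
# … unchanged: kind, metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
    {{- if $targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ $targetCPUUtilizationPercentage }}
    {{- end }}
    {{- if $targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ $targetMemoryUtilizationPercentage }}
    {{- end }}
```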
@@ -0,0 +1,18 @@ +{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.pdb.create" . | eq "true") -}} + +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + selector: + matchLabels: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" . | nindent 6 }} + {{- with (include "kubeflow.tensorboard.tensorboardsWebApp.pdb.values" .) }} + {{- . | nindent 2 }} + {{- end }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service-account.yaml new file mode 100644 index 00000000..b1fa20e1 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service-account.yaml @@ -0,0 +1,15 @@ +{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.createServiceAccount" . | eq "true") -}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.tensorboard.tensorboardsWebApp.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} + labels: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service.yaml new file mode 100644 index 00000000..a1ef5864 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service.yaml 
@@ -0,0 +1,25 @@ +{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.enabled" . | eq "true") -}} + +apiVersion: v1 +kind: Service +metadata: + {{- with .Values.tensorboard.tensorboardsWebApp.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }} + name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.svc.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + ports: + - name: http + port: {{ .Values.tensorboard.tensorboardsWebApp.service.port }} + protocol: TCP + targetPort: {{ .Values.tensorboard.tensorboardsWebApp.service.targetPort }} + selector: + {{- include "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" . | nindent 4 }} + sessionAffinity: None + type: {{ .Values.tensorboard.tensorboardsWebApp.service.type }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/virtual-service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/virtual-service.yaml new file mode 100644 index 00000000..1360f74c --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/virtual-service.yaml 
@@ -0,0 +1,31 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.createIstioIntegrationObjects" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ labels:
+ {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ gateways:
+ - {{ .Values.istioIntegration.gateway.name }}
+ hosts:
+ - '*'
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.tensorboard.tensorboardsWebApp.config.urlPrefix }}/
+ rewrite:
+ uri: /
+ route:
+ - destination:
+ host: {{ include "kubeflow.tensorboard.tensorboardsWebApp.svc.fqdn" . }}
+ port:
+ number: {{ .Values.tensorboard.tensorboardsWebApp.service.port }}
+ headers:
+ request:
+ add:
+ x-forwarded-prefix: {{ .Values.tensorboard.tensorboardsWebApp.config.urlPrefix }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tests/_test-connection.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tests/_test-connection.yaml
new file mode 100644
index 00000000..789ac15e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tests/_test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "kubeflow.fullname" . }}-test-connection"
+ labels:
+ {{- include "kubeflow.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "kubeflow.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/cluster-role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/cluster-role-binding.yaml
new file mode 100644
index 00000000..19f7b523
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/cluster-role-binding.yaml
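Review bot: The test pod in tests/_test-connection.yaml uses `image: busybox` with no tag or digest, so whatever `latest` resolves to at run time is pulled into the cluster. Pin it, e.g. `image: busybox:<PINNED_TAG_OR_DIGEST>` (placeholder, choose the version you have vetted). The file also looks like unmodified `helm create` scaffolding: it targets a single `.Values.service.port` and `kubeflow.fullname`, which do not obviously correspond to any service this chart creates. Because its name starts with an underscore, Helm does not render it as a manifest, so if the test is not meant to run the file is better removed than shipped.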
@@ -0,0 +1,18 @@ +{{- if (include "kubeflow.trainingOperator.rbac.createRoles" . | eq "true" ) -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflow.trainingOperator.mainClusterRoleBindingName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kubeflow.trainingOperator.mainClusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kubeflow.trainingOperator.serviceAccountName" . }} + namespace: {{ include "kubeflow.namespace" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterrole.main.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterrole.main.yaml new file mode 100644 index 00000000..6947a7b1 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterrole.main.yaml 
@@ -0,0 +1,297 @@ +{{- if (include "kubeflow.trainingOperator.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflow.trainingOperator.mainClusterRoleName" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - list + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - update + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubeflow.org + resources: + - mpijobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubeflow.org + resources: + - mpijobs/finalizers + verbs: + - update +- apiGroups: + - kubeflow.org + resources: + - mpijobs/status + verbs: + - get + - patch + - update +- apiGroups: + - kubeflow.org + resources: + - mxjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubeflow.org + resources: + - mxjobs/finalizers + verbs: + - update +- apiGroups: + - kubeflow.org + resources: + - mxjobs/status + verbs: + - get + - patch + - update +- apiGroups: + - 
kubeflow.org + resources: + - paddlejobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubeflow.org + resources: + - paddlejobs/finalizers + verbs: + - update +- apiGroups: + - kubeflow.org + resources: + - paddlejobs/status + verbs: + - get + - patch + - update +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs/finalizers + verbs: + - update +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs/status + verbs: + - get + - patch + - update +- apiGroups: + - kubeflow.org + resources: + - tfjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubeflow.org + resources: + - tfjobs/finalizers + verbs: + - update +- apiGroups: + - kubeflow.org + resources: + - tfjobs/status + verbs: + - get + - patch + - update +- apiGroups: + - kubeflow.org + resources: + - xgboostjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubeflow.org + resources: + - xgboostjobs/finalizers + verbs: + - update +- apiGroups: + - kubeflow.org + resources: + - xgboostjobs/status + verbs: + - get + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - list + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - list + - update + - watch +- apiGroups: + - scheduling.volcano.sh + resources: + - podgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - scheduling.x-k8s.io + resources: + - podgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + +{{- end }} 
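Review bot: The training-operator ClusterRole in clusterrole.main.yaml grants `get`/`list`/`update`/`watch` on `secrets`, `create` on `pods/exec`, `create`/`update` on `roles` and `rolebindings`, and `update` on `validatingwebhookconfigurations`, and cluster-role-binding.yaml binds it cluster-wide, yet none of these rules says which controller feature needs it. These are the grants an RBAC audit will question first, so each deserves a short comment, for example `# secrets: the operator writes its webhook serving certificate (confirm)` and `# pods/exec, roles, rolebindings: presumably for MPIJob launcher setup (confirm)`. Where the API permits, narrow the scope as well: the `update` verb on `validatingwebhookconfigurations` can sit in its own rule with `resourceNames: [<WEBHOOK_CONFIG_NAME>]` (placeholder, the real name is defined outside this hunk), leaving `get`/`list`/`watch` unrestricted. If the operator only ever writes the certificate secret in its own namespace, `update` on `secrets` could move to a namespaced Role.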
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterroles.user.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterroles.user.yaml
new file mode 100644
index 00000000..317121f3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterroles.user.yaml
@@ -0,0 +1,109 @@ +{{- if (include "kubeflow.trainingOperator.rbac.createRoles" . | eq "true") -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.trainingOperator.kfTrAdminClusterRoleName" . }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + {{- include "kubeflow.trainingOperator.kfTrAdminClusterRoleLabel" . | nindent 6 }} +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }} + {{- include "kubeflow.trainingOperator.kfTrAdminClusterRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.trainingOperator.kfTrEditClusterRoleName" . }} +rules: +- apiGroups: + - kubeflow.org + resources: + - mpijobs + - tfjobs + - pytorchjobs + - mxjobs + - xgboostjobs + - paddlejobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubeflow.org + resources: + - mpijobs/status + - tfjobs/status + - pytorchjobs/status + - mxjobs/status + - xgboostjobs/status + - paddlejobs/status + verbs: + - get +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }} + {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }} + name: {{ include "kubeflow.trainingOperator.kfTrViewClusterRoleName" . 
}} +rules: +- apiGroups: + - kubeflow.org + resources: + - mpijobs + - tfjobs + - pytorchjobs + - mxjobs + - xgboostjobs + - paddlejobs + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - mpijobs/status + - tfjobs/status + - pytorchjobs/status + - mxjobs/status + - xgboostjobs/status + - paddlejobs/status + verbs: + - get + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/deployment.yaml new file mode 100644 index 00000000..ebb73047 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/deployment.yaml 
@@ -0,0 +1,122 @@ +{{- if (include "kubeflow.trainingOperator.enabled" . | eq "true") -}} + +{{- $autoscalingEnabled := include "kubeflow.trainingOperator.autoscaling.enabled" . -}} +{{- $replicas := include "kubeflow.trainingOperator.autoscaling.minReplicas" . -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflow.trainingOperator.name" . }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + {{- if (eq $autoscalingEnabled "false") }} + replicas: {{ $replicas }} + {{- end }} + + selector: + matchLabels: + {{- include "kubeflow.trainingOperator.selectorLabels" . | nindent 6 }} + + template: + metadata: + labels: + {{- include "kubeflow.trainingOperator.selectorLabels" . | nindent 8 }} + annotations: + sidecar.istio.io/inject: "false" + + spec: + containers: + - name: {{ include "kubeflow.trainingOperator.baseName" . }} + image: {{ include "kubeflow.trainingOperator.image" . }} + imagePullPolicy: {{ include "kubeflow.trainingOperator.imagePullPolicy" . }} + + command: + - /manager + + ports: + - containerPort: {{ .Values.trainingOperator.service.monitoring.targetPort }} + - containerPort: {{ .Values.trainingOperator.service.webhookServer.targetPort }} + name: webhook-server + protocol: TCP + + {{- with .Values.trainingOperator.resources }} + resources: + {{- toYaml . 
| nindent 10 }} + {{- end }} + + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 10 + periodSeconds: 15 + timeoutSeconds: 3 + + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + + {{- with include "kubeflow.trainingOperator.containerSecurityContext" . }} + securityContext: + {{- . | nindent 10 }} + {{- end }} + + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "kubeflow.trainingOperator.serviceAccountName" . }} + + {{- with include "kubeflow.trainingOperator.nodeSelector" . }} + nodeSelector: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.trainingOperator.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.trainingOperator.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.trainingOperator.topologySpreadConstraints" . }} + topologySpreadConstraints: + {{- . | nindent 8 }} + {{- end }} + + {{- with include "kubeflow.trainingOperator.terminationGracePeriodSeconds" . }} + terminationGracePeriodSeconds: + {{- . | nindent 8 }} + {{- end }} + + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: {{ include "kubeflow.trainingOperator.tlsCertSecretName" . }} + +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/hpa.yaml new file mode 100644 index 00000000..290fd3b3 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/hpa.yaml 
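Review bot: In the training-operator deployment.yaml both probes use a hard-coded `port: 8081` that is not declared under `ports:`, while the monitoring and webhook ports come from values, and the first `containerPort` entry has neither `name` nor `protocol`. Declaring the health port and referring to it by name keeps the three ports consistent and makes the probe target visible to anyone writing a NetworkPolicy for this pod: add `- containerPort: 8081` with `name: healthz` and set `port: healthz` in both probes. The `sidecar.istio.io/inject: "false"` annotation also deserves a one-line comment giving the reason, since it takes the operator out of the mesh's mTLS and authorization policies.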
@@ -0,0 +1,36 @@ +{{- if (include "kubeflow.trainingOperator.autoscaling.enabled" . | eq "true") -}} + +{{- $componentName := include "kubeflow.trainingOperator.name" . -}} +{{- $minReplicas := include "kubeflow.trainingOperator.autoscaling.minReplicas" . -}} +{{- $maxReplicas := include "kubeflow.trainingOperator.autoscaling.maxReplicas" . -}} +{{- $targetCPUUtilizationPercentage := include "kubeflow.trainingOperator.autoscaling.targetCPUUtilizationPercentage" . -}} +{{- $targetMemoryUtilizationPercentage := include "kubeflow.trainingOperator.autoscaling.targetMemoryUtilizationPercentage" . -}} + +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }} + name: {{ $componentName }} + namespace: {{ include "kubeflow.namespace" . }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ $componentName }} + minReplicas: {{ $minReplicas }} + maxReplicas: {{ $maxReplicas }} + metrics: + {{- if $targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ $targetCPUUtilizationPercentage }} + {{- end }} + {{- if $targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/poddisruptionbudget.yaml new file mode 100644 index 00000000..c0dc2e2c --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/poddisruptionbudget.yaml 
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.trainingOperator.pdb.create" . | eq "true") -}}
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.trainingOperator.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "kubeflow.trainingOperator.selectorLabels" . | nindent 6 }}
+ {{- with (include "kubeflow.trainingOperator.pdb.values" .) }}
+ {{- . | nindent 2 }}
+ {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/secret.webhook-cert.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/secret.webhook-cert.yaml
new file mode 100644
index 00000000..4232f1b2
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/secret.webhook-cert.yaml
@@ -0,0 +1,13 @@
+{{- if (include "kubeflow.trainingOperator.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.trainingOperator.tlsCertSecretName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+data: {}
+type: Opaque
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service-account.yaml
new file mode 100644
index 00000000..1330d850
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service-account.yaml
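Review bot: secret.webhook-cert.yaml renders the webhook TLS Secret with `data: {}` and nothing in the template says who fills it; presumably the training operator writes its serving certificate and key into it at start-up, since the Deployment mounts the same `tlsCertSecretName`. Because the object is owned by the release, tooling that enforces the rendered manifest (a GitOps self-heal, for instance) could presumably reset it to empty while the `failurePolicy: Fail` webhooks still depend on it, which would block job admission until the operator re-issues the certificate. I would document this at the top of the template, e.g. `{{- /* Placeholder only: the operator populates this Secret at runtime; exclude .data from drift correction and never supply key material through values. */ -}}`.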
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.trainingOperator.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- with .Values.trainingOperator.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.trainingOperator.serviceAccountName" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service.yaml
new file mode 100644
index 00000000..670f47aa
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service.yaml
@@ -0,0 +1,28 @@
+{{- if (include "kubeflow.trainingOperator.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ {{- with .Values.trainingOperator.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+ name: {{ include "kubeflow.trainingOperator.svc.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+spec:
+ ports:
+ - name: monitoring-port
+ port: {{ .Values.trainingOperator.service.monitoring.port }}
+ targetPort: {{ .Values.trainingOperator.service.monitoring.targetPort }}
+ - name: webhook-server
+ port: {{ .Values.trainingOperator.service.webhookServer.port }}
+ protocol: TCP
+ targetPort: {{ .Values.trainingOperator.service.webhookServer.targetPort }}
+ selector:
+ {{- include "kubeflow.trainingOperator.selectorLabels" . | nindent 4 }}
+ sessionAffinity: None
+ type: {{ .Values.trainingOperator.service.type }}
+
+{{- end }}
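Review bot: service.yaml publishes the admission `webhook-server` port and `monitoring-port` on one Service whose `type` comes straight from `.Values.trainingOperator.service.type`, so setting that value to `NodePort` or `LoadBalancer` would also expose the validating-webhook endpoint and the metrics port outside the cluster. Only the API server needs to reach the webhook, so I would pin the type for this Service or at least document the constraint next to the field, e.g. `# keep ClusterIP: this Service carries the admission webhook port`. The default for the value is not visible in this hunk. `monitoring-port` also omits the `protocol: TCP` that `webhook-server` sets; the effective default is the same, but the two entries should match.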
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/validatingwebhookconfiguration.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/validatingwebhookconfiguration.yaml
new file mode 100644
index 00000000..16dba1bd
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/validatingwebhookconfiguration.yaml
@@ -0,0 +1,110 @@
+{{- if (include "kubeflow.trainingOperator.enabled" . | eq "true") -}}
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validator.training-operator.kubeflow.org
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "kubeflow.trainingOperator.svc.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+ path: /validate-kubeflow-org-v1-mxjob
+ failurePolicy: Fail
+ name: validator.mxjob.training-operator.kubeflow.org
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - mxjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "kubeflow.trainingOperator.svc.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+ path: /validate-kubeflow-org-v1-paddlejob
+ failurePolicy: Fail
+ name: validator.paddlejob.training-operator.kubeflow.org
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - paddlejobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "kubeflow.trainingOperator.svc.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+ path: /validate-kubeflow-org-v1-pytorchjob
+ failurePolicy: Fail
+ name: validator.pytorchjob.training-operator.kubeflow.org
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pytorchjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "kubeflow.trainingOperator.svc.name" . }}
+ namespace: {{ include "kubeflow.namespace" .
}}
+ path: /validate-kubeflow-org-v1-tfjob
+ failurePolicy: Fail
+ name: validator.tfjob.training-operator.kubeflow.org
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - tfjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "kubeflow.trainingOperator.svc.name" . }}
+ namespace: {{ include "kubeflow.namespace" . }}
+ path: /validate-kubeflow-org-v1-xgboostjob
+ failurePolicy: Fail
+ name: validator.xgboostjob.training-operator.kubeflow.org
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - xgboostjobs
+ sideEffects: None
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/values_lint.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/values_lint.yaml
new file mode 100644
index 00000000..a4b2aeb6
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/values_lint.yaml
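Review bot: None of the five `clientConfig` blocks in validatingwebhookconfiguration.yaml carries a `caBundle`, and the template has no annotation or hook that would inject one, so the API server can only verify the webhook's certificate once something (presumably the operator) patches the bundle in at runtime. Combined with `failurePolicy: Fail` on every entry, CREATE/UPDATE of these job kinds is rejected cluster-wide until that happens and whenever the operator is unavailable; failing closed is the right choice for validation, but it should be stated, e.g. `# caBundle is patched in by the operator at start-up; webhooks fail closed until then`, and an explicit `timeoutSeconds:` would bound the impact of a slow pod. The `mxjob` rule also lists `- DELETE` while the other four stop at `- UPDATE`; if that asymmetry is intentional it deserves a comment, otherwise the lists should match. The object name `validator.training-operator.kubeflow.org` is cluster-scoped and not derived from the release, so a second release in the same cluster would presumably collide on it.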
@@ -0,0 +1,2057 @@ +# NOTE: try disabling cache in the ml-pipeline +# or, try using newer version + +# This namespace allows you to define where the services will be installed into +# if not set then they will use the namespace of the release +# This is helpful when installing Kubeflow as a chart dependency (sub chart). +namespace: "" + +# one of ['cluster', 'namespace'] +# 'namespace' is not yet fully supported. +# Maybe rename to 'deploymentScope'? +deploymentMode: cluster + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +auth: + userHeaderName: kubeflow-userid + groupsHeaderName: kubeflow-groups + authHeader: + name: Authorization + prefix: "Bearer " + userIdPrefix: "" + +clusterDomain: cluster.local + +defaults: + image: + registry: docker.io + pullPolicy: IfNotPresent + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: false + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 + podDisruptionBudget: {} + nodeSelector: {} + tolerations: [] + affinity: {} + topologySpreadConstraints: + terminationGracePeriodSeconds: + containerSecurityContext: + +admissionWebhook: + enabled: true + image: + repository: kubeflownotebookswg/poddefaults-webhook + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + service: + create: true + annotations: + type: ClusterIP + port: 443 + targetPort: 4443 + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. 
+ enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + +centraldashboard: + enabled: true + image: + repository: kubeflownotebookswg/centraldashboard + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + # This enables the automatic profile creation. 
+ enableRegistrationFlow: false + logoutURL: "/oauth2/sign_out" + forceIFrame: true + links: + externalLinks: + menuLinks: + - type: item + link: /jupyter/ + text: Notebooks + icon: book + + - type: item + link: /tensorboards/ + text: Tensorboards + icon: assessment + + - type: item + link: /volumes/ + text: Volumes + icon: device:storage + + - type: item + link: /katib/ + text: Katib Experiments + icon: kubeflow:katib + + - type: item + link: /kserve-endpoints/ + text: KServe Endpoints + icon: kubeflow:models + + - icon: kubeflow:pipeline-centered + items: + - type: item + text: Pipelines + link: /pipeline/#/pipelines + + - type: item + text: Experiments + link: /pipeline/#/experiments + + - type: item + text: Runs + link: /pipeline/#/runs + + - type: item + text: Recurring Runs + link: /pipeline/#/recurringruns + + - type: item + text: Artifacts + link: /pipeline/#/artifacts + + - type: item + text: Executions + link: /pipeline/#/executions + text: Pipelines + type: section + quickLinks: + - text: Create a new Notebook + desc: Kubeflow Notebooks + link: /jupyter/new + - text: Upload a Pipeline + desc: Kubeflow Pipelines + link: /pipeline/#/pipelines + - text: View Pipeline Runs + desc: Notebook Servers + link: /pipeline/#/runs + documentationItems: + - text: Kubeflow Website + desc: The Kubeflow website + link: https://www.kubeflow.org/ + - text: Kubeflow Pipelines Documentation + desc: Documentation for Kubeflow Pipelines + link: https://www.kubeflow.org/docs/components/pipelines/ + - text: Kubeflow Notebooks Documentation + desc: Documentation for Kubeflow Notebooks + link: https://www.kubeflow.org/docs/components/notebooks/ + - text: Kubeflow Training Operator Documentation + desc: Documentation for Kubeflow Training Operator + link: https://www.kubeflow.org/docs/components/training/" + - text: Katib Documentation + desc: Documentation for Katib + link: https://www.kubeflow.org/docs/components/katib/ + +notebooks: + enabled: true + jupyterWebApp: + enabled: 
true + image: + repository: kubeflownotebookswg/jupyter-web-app + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + # TODO: embed into config + urlPrefix: /jupyter + uiFlavor: default + secureCookies: true + logos: + # if this is defined, the configmap with logos will not be created but + # the one provided with customConfigMap will be used. + customConfigMap: + # if below values are defined, those will be used for the icons + # instead of defaults + icons: + jupyterIconSvg: + jupyterLabLogoSvg: + groupOneIconSvg: + groupOneLogoSvg: + groupTwoIconSvg: + groupTwoLogoSvg: + spawnerFormDefaults: + # -------------------------------------------------------------- + # Configuration file for the Kubeflow Notebooks UI. 
+ # + # About the `readOnly` configs: + # - when `readOnly` is set to "true", the respective option + # will be disabled for users and only set by the admin + # - when 'readOnly' is missing, it defaults to 'false' + # -------------------------------------------------------------- + + ################################################################ + # Container Images + ################################################################ + # if users can input custom images, or only select from dropdowns + allowCustomImage: true + + # if the registry of the container image is hidden from display + hideRegistry: true + + # if the tag of the container image is hidden from display + hideTag: false + + # configs for the ImagePullPolicy + imagePullPolicy: + readOnly: false + + # the default ImagePullPolicy + # (possible values: "Always", "IfNotPresent", "Never") + value: IfNotPresent + + ################################################################ + # Jupyter-like Container Images + # + # NOTES: + # - the `image` section is used for "Jupyter-like" apps whose + # HTTP path is configured by the "NB_PREFIX" environment variable + ################################################################ + image: + # the default container image + value: kubeflownotebookswg/jupyter-scipy:v1.9.2 + + # the list of available container images in the dropdown + options: + - kubeflownotebookswg/jupyter-scipy:v1.9.2 + - kubeflownotebookswg/jupyter-pytorch-full:v1.9.2 + - kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.9.2 + - kubeflownotebookswg/jupyter-tensorflow-full:v1.9.2 + - kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.9.2 + + ################################################################ + # VSCode-like Container Images (Group 1) + # + # NOTES: + # - the `imageGroupOne` section is used for "VSCode-like" apps that + # expose themselves under the HTTP root path "/" and support path + # rewriting without breaking + # - the annotation `notebooks.kubeflow.org/http-rewrite-uri: 
"/"` is + # set on Notebooks spawned by this group, to make Istio rewrite + # the path of HTTP requests to the HTTP root + ################################################################ + imageGroupOne: + # the default container image + value: kubeflownotebookswg/codeserver-python:v1.9.2 + + # the list of available container images in the dropdown + options: + - kubeflownotebookswg/codeserver-python:v1.9.2 + + ################################################################ + # RStudio-like Container Images (Group 2) + # + # NOTES: + # - the `imageGroupTwo` section is used for "RStudio-like" apps whose + # HTTP path is configured by the "X-RStudio-Root-Path" header + # - the annotation `notebooks.kubeflow.org/http-rewrite-uri: "/"` is + # set on Notebooks spawned by this group, to make Istio rewrite + # the path of HTTP requests to the HTTP root + # - the annotation `notebooks.kubeflow.org/http-headers-request-set` is + # set on Notebooks spawned by this group, such that Istio injects the + # "X-RStudio-Root-Path" header to all request + ################################################################ + imageGroupTwo: + # the default container image + value: kubeflownotebookswg/rstudio-tidyverse:v1.9.2 + + # the list of available container images in the dropdown + options: + - kubeflownotebookswg/rstudio-tidyverse:v1.9.2 + + ################################################################ + # CPU Resources + ################################################################ + cpu: + readOnly: false + + # the default cpu request for the container + value: "0.5" + + # a factor by which to multiply the CPU request calculate the cpu limit + # (to disable cpu limits, set as "none") + limitFactor: "1.2" + + ################################################################ + # Memory Resources + ################################################################ + memory: + readOnly: false + + # the default memory request for the container + value: "1.0Gi" + + # a factor by 
which to multiply the memory request calculate the memory limit + # (to disable memory limits, set as "none") + limitFactor: "1.2" + + ################################################################ + # GPU/Device-Plugin Resources + ################################################################ + gpus: + readOnly: false + + # configs for gpu/device-plugin limits of the container + # https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/#using-device-plugins + value: + # the `limitKey` of the default vendor + # (to have no default, set as "") + vendor: "" + + # the list of available vendors in the dropdown + # `limitsKey` - what will be set as the actual limit + # `uiName` - what will be displayed in the dropdown UI + vendors: + - limitsKey: "nvidia.com/gpu" + uiName: "NVIDIA" + - limitsKey: "amd.com/gpu" + uiName: "AMD" + + # the default value of the limit + # (possible values: "none", "1", "2", "4", "8") + num: "none" + + ################################################################ + # Workspace Volumes + ################################################################ + workspaceVolume: + readOnly: false + + # the default workspace volume to be created and mounted + # (to have no default, set `value: null`) + value: + mount: /home/jovyan + + # pvc configs for creating new workspace volumes + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core + newPvc: + metadata: + # "{notebook-name}" is replaced with the Notebook name + name: "{notebook-name}-workspace" + spec: + # storageClassName: my-storage-class + resources: + requests: + storage: 5Gi + accessModes: + - ReadWriteOnce + + ################################################################ + # Data Volumes + ################################################################ + dataVolumes: + readOnly: false + + # a list of additional data volumes to be created and/or mounted + value: [] + # value: + # - mount: /home/jovyan/datavol-1 + # newPvc: + # 
metadata: + # name: "{notebook-name}-datavol-1" + # spec: + # resources: + # requests: + # storage: 5Gi + # accessModes: + # - ReadWriteOnce + # + # - mount: /home/jovyan/datavol-1 + # existingSource: + # persistentVolumeClaim: + # claimName: "test-pvc" + + ################################################################ + # Affinity + ################################################################ + affinityConfig: + readOnly: false + + # the `configKey` of the default affinity config + # (to have no default, set as "") + # (if `readOnly`, the default `value` will be the only accessible option) + value: "" + + # the list of available affinity configs in the dropdown + options: [] + # options: + # - configKey: "dedicated_node_per_notebook" + # displayName: "Dedicated Node Per Notebook" + # affinity: + # # Require a Node with label `lifecycle=kubeflow-notebook` + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: "lifecycle" + # operator: "In" + # values: + # - "kubeflow-notebook" + # + # # Require a Node WITHOUT an existing Pod having `notebook-name` label + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: "notebook-name" + # operator: "Exists" + # topologyKey: "kubernetes.io/hostname" + # # WARNING: `namespaceSelector` is Beta in 1.22 and Stable in 1.24, + # # setting to {} is required for affinity to work across Namespaces + # namespaceSelector: {} + + ################################################################ + # Tolerations + ################################################################ + tolerationGroup: + readOnly: false + + # the `groupKey` of the default toleration group + # (to have no default, set as "") + # (if `readOnly`, the default `value` will be the only accessible option) + value: "" + + # the list of available toleration groups in the dropdown + options: [] + # options: + # - groupKey: 
"group_1" + # displayName: "4 CPU 8Gb Mem at ~$X.XXX USD per day" + # tolerations: + # - key: "dedicated" + # operator: "Equal" + # value: "kubeflow-c5.xlarge" + # effect: "NoSchedule" + # + # - groupKey: "group_2" + # displayName: "8 CPU 16Gb Mem at ~$X.XXX USD per day" + # tolerations: + # - key: "dedicated" + # operator: "Equal" + # value: "kubeflow-c5.2xlarge" + # effect: "NoSchedule" + # + # - groupKey: "group_3" + # displayName: "16 CPU 32Gb Mem at ~$X.XXX USD per day" + # tolerations: + # - key: "dedicated" + # operator: "Equal" + # value: "kubeflow-c5.4xlarge" + # effect: "NoSchedule" + # + # - groupKey: "group_4" + # displayName: "32 CPU 256Gb Mem at ~$X.XXX USD per day" + # tolerations: + # - key: "dedicated" + # operator: "Equal" + # value: "kubeflow-r5.8xlarge" + # effect: "NoSchedule" + + ################################################################ + # Shared Memory + ################################################################ + shm: + readOnly: false + + # the default state of the "Enable Shared Memory" toggle + value: true + + ################################################################ + # PodDefaults + ################################################################ + configurations: + readOnly: false + + # the list of PodDefault names that are selected by default + # (take care to ensure these PodDefaults exist in Profile Namespaces) + value: [] + # value: + # - my-pod-default + + ################################################################ + # Environment + # + # NOTE: + # - these configs are only used by the ROK "flavor" of the UI + ################################################################ + environment: + readOnly: false + value: {} + controller: + enabled: true + image: + repository: kubeflownotebookswg/notebook-controller + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + service: + create: true + 
annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + culling: + enabled: false + idleTimeMinutes: 1440 + idleCheckPeriodMinutes: 1 + volumesWebApp: + enabled: true + image: + repository: kubeflownotebookswg/volumes-web-app + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + urlPrefix: /volumes + secureCookies: true + viewer: + image: + repository: filebrowser/filebrowser + tag: v2.25.0 + registryOverwrite: + pullPolicyOverwrite: + serviceAccountName: default-editor + pvcviewerController: + enabled: true + manager: + image: + repository: kubeflownotebookswg/pvcviewer-controller + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + service: + create: true + annotations: + type: ClusterIP + webhook: + port: 9443 + resources: + {} + # limits: + # cpu: 500m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 64Mi + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + kubeRbacProxy: + image: + repository: 
kubebuilder/kube-rbac-proxy + tag: v0.13.1 + registryOverwrite: gcr.io + pullPolicyOverwrite: + service: + create: true + annotations: + type: ClusterIP + resources: + {} + # limits: + # cpu: 500m + # memory: 128Mi + # requests: + # cpu: 5m + # memory: 64Mi + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - ppc64le + - s390x + - key: kubernetes.io/os + operator: In + values: + - linux + topologySpreadConstraints: + terminationGracePeriodSeconds: 10 + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + +kserveModelsWebApp: + enabled: true + image: + repository: kserve/models-web-app + tag: v0.13.0 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + serviceAccount: + create: true + name: + annotations: + service: + create: true + annotations: + type: ClusterIP + rbac: + create: true + config: + urlPrefix: /kserve-endpoints + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. 
+ enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + +profilesController: + enabled: true + kfam: + image: + repository: kubeflownotebookswg/kfam + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + service: + create: true + annotations: + type: ClusterIP + config: + urlPrefix: /kfam + manager: + image: + repository: kubeflownotebookswg/profile-controller + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + admin: + workloadIdentity: + defaultNamespaceLabels: + # Below is a list of labels to be set by default. + # + # To add a namespace label, use `key: 'value'`, for example: + # istio.io/rev: 'asm-191-1' + # + # To remove a namespace label, use `key: ''`. For example: + # istio-injection: '' + # + # Profile controller will not replace a namespace label if its key already + # exists. If you want to override the value of a previously applied label, you + # need to: + # 1. Remove the label by using `key: ''` and deploy. + # 2. Add the label by using `key: 'value'` and deploy. 
+ # + katib.kubeflow.org/metrics-collector-injection: "enabled" + serving.kubeflow.org/inferenceservice: "enabled" + pipelines.kubeflow.org/enabled: "true" + app.kubernetes.io/part-of: "kubeflow-profile" + extraNamespaceLabels: + +katib: + urlPrefix: /katib + enabled: true + controller: + enabled: true + name: katib-controller + image: + repository: kubeflowkatib/katib-controller + tag: v0.17.0 + registryOverwrite: + pullPolicyOverwrite: + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + service: + create: true + annotations: + prometheus.io/port: "8080" + prometheus.io/scheme: http + prometheus.io/scrape: "true" + + webhook: + port: 443 + targetPort: 8443 + metrics: + port: 8080 + targetPort: 8080 + healthz: + port: 18080 + targetPort: 18080 + + serviceAccount: + create: true + name: + annotations: + dbmanager: + enabled: true + name: katib-db-manager + image: + repository: kubeflowkatib/katib-db-manager + tag: v0.17.0 + registryOverwrite: + pullPolicyOverwrite: + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. 
+ enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + annotations: + sidecar.istio.io/inject: "false" + service: + create: true + annotations: + type: ClusterIP + config: + db: + existingSecretName: + driver: + value: mysql + secretKeyRef: + name: + key: driver + host: + value: mysql.kubeflow.svc.cluster.local + secretKeyRef: + name: + key: host + port: + value: 3306 + secretKeyRef: + name: + key: port + databaseName: + value: katib + secretKeyRef: + name: + key: databaseName + user: + value: katib + secretKeyRef: + name: + key: username + password: + value: katib1234 + secretKeyRef: + name: + key: password + ui: + enabled: true + name: katib-ui + urlPrefix: /katib + image: + repository: kubeflowkatib/katib-ui + tag: v0.17.0 + registryOverwrite: + pullPolicyOverwrite: + serviceAccount: + create: true + name: + annotations: + service: + create: true + annotations: + istioIntegration: + create: true + enabled: true + authorizationMode: ingressgateway + gateway: + name: kubeflow-gateway + config: + init: + trialResources: + - Job.v1.batch + - TFJob.v1.kubeflow.org + - PyTorchJob.v1.kubeflow.org + - MPIJob.v1.kubeflow.org + - XGBoostJob.v1.kubeflow.org + - MXJob.v1.kubeflow.org + runtime: + metricsCollectors: + - kind: StdOut + image: docker.io/kubeflowkatib/file-metrics-collector:v0.17.0 + - kind: File + image: docker.io/kubeflowkatib/file-metrics-collector:v0.17.0 + - kind: TensorFlowEvent + image: docker.io/kubeflowkatib/tfevent-metrics-collector:v0.17.0 + resources: + limits: + memory: 1Gi + suggestions: + - algorithmName: random + image: docker.io/kubeflowkatib/suggestion-hyperopt:v0.17.0 + - algorithmName: tpe + image: docker.io/kubeflowkatib/suggestion-hyperopt:v0.17.0 + - algorithmName: grid + image: docker.io/kubeflowkatib/suggestion-optuna:v0.17.0 + - algorithmName: hyperband + image: docker.io/kubeflowkatib/suggestion-hyperband:v0.17.0 + - algorithmName: bayesianoptimization + image: 
docker.io/kubeflowkatib/suggestion-skopt:v0.17.0 + - algorithmName: cmaes + image: docker.io/kubeflowkatib/suggestion-goptuna:v0.17.0 + - algorithmName: sobol + image: docker.io/kubeflowkatib/suggestion-goptuna:v0.17.0 + - algorithmName: multivariate-tpe + image: docker.io/kubeflowkatib/suggestion-optuna:v0.17.0 + - algorithmName: enas + image: docker.io/kubeflowkatib/suggestion-enas:v0.17.0 + resources: + limits: + memory: 200Mi + - algorithmName: darts + image: docker.io/kubeflowkatib/suggestion-darts:v0.17.0 + - algorithmName: pbt + image: docker.io/kubeflowkatib/suggestion-pbt:v0.17.0 + persistentVolumeClaimSpec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi + earlyStoppings: + - algorithmName: medianstop + image: docker.io/kubeflowkatib/earlystopping-medianstop:v0.17.0 + +# TODO: verify patches in apps/pipeline/upstream/base/installs/multi-user +pipelines: + enabled: true + # NOTE: The Kubeflow Pipelines subcomponents contains special handling. It + # will first apply the global .Values.defaults.image, then look for + # .Values.pipelines.defaults.image and lastly for .Values.pipelines..image. + # This is primarily useful for setting global registry or Pipelines Container Tag. 
+ defaults: + image: + registry: gcr.io + tag: 2.3.0 + pullPolicy: IfNotPresent + config: + # If this is empty, the kfp backend will automatically configure that with: + # "minio://mlpipeline/v2/artifacts" + # Please see the following links for referece: + # * <=2.1.0: https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/config/env.go#L33 + # * >=2.2.0: https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L36 + # + # If we want to use s3, we should configure this with something similar to: + # s3://mlpipeline/v2/artifacts + # + # In 2.2.0 it's also possible to define bucket 'providers', which can be minio, s3 or gcs: + # * https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L45 + # * https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L151 + # * https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/s3.go#L24 + defaultPipelineRoot: "" + + objectStore: + # The Secret Name 'mlpipeline-minio-artifact' is currently hardcoded: + # * <=2.1.0: + # https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L292 + # * >=2.2.0 (state as of 2nd May 2024) + # https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L39 + # + # It's only possible to use either nil or 'mlpipeline-minio-artifact' for + # * .Values.pipelines.config.objectStore.existingSecretName + # * .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name + # * .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name + # + # If the Secret Name is not provided in neither of the following, it will + # be created with plaintext values for compatibility: + # * .Values.pipelines.config.objectStore.existingSecretName + # * .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name + # * .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name + existingSecretName: + accessKey: + value: minio + secretKeyRef: + name: + # 
The Secret Key 'accesskey' is currently hardcoded: + # https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L324 + # https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L42 + key: accesskey + secretAccessKey: + value: minio123 + secretKeyRef: + name: + # The Secret Key 'secretkey' is currently hardcoded: + # https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L325 + # https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L41 + key: secretkey + host: + value: minio + secretKeyRef: + name: + key: host + port: + value: 9000 + secretKeyRef: + name: + key: port + region: + value: + secretKeyRef: + name: + key: region + secure: + value: false + secretKeyRef: + name: + key: secure + bucketName: + value: mlpipeline + secretKeyRef: + name: + key: bucketName + + db: + existingSecretName: + user: + value: root + secretKeyRef: + name: + key: username + password: + value: mysql1234 + secretKeyRef: + name: + key: password + host: + value: mysql + secretKeyRef: + name: + key: host + port: + value: 3306 + secretKeyRef: + name: + key: port + mlmdDatabaseName: + value: metadb + secretKeyRef: + name: + key: mlmdDatabaseName + pipelineDatabaseName: + value: mlpipeline + secretKeyRef: + name: + key: pipelineDatabaseName + cacheDatabaseName: + value: cachedb + secretKeyRef: + name: + key: cacheDatabaseName + driver: + value: mysql + secretKeyRef: + name: + key: driver + conMaxLifetime: + value: 120s + secretKeyRef: + name: + key: conMaxLifetime + + cache: + enabled: true + image: + repository: ml-pipeline/cache-server + registryOverwrite: + tagOverwrite: + pullPolicyOverwrite: + resources: + # requests: + # cpu: + # memory: + # limits: + # cpu: + # memory: + service: + create: true + annotations: + type: ClusterIP + port: 443 + targetPort: 8443 + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. 
+ enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + ## defaultCacheStaleness and maximumCacheStaleness configures caching according to + ## https://www.kubeflow.org/docs/components/pipelines/overview/caching/ and + ## https://www.kubeflow.org/docs/components/pipelines/overview/caching-v2/. + ## This value is used if the user did not set a value in the pipeline. + ## defaultCacheStaleness: "P7D" + ## maximumCacheStaleness: "P30D" + defaultCacheStaleness: "" + maximumCacheStaleness: "" + ## ConMaxLifeTime will set the connection max lifetime for MySQL + ## this is very important to setup when using external databases. + ## See this issue for more details: https://github.com/kubeflow/pipelines/issues/5329 + ## Note: this value should be a string that can be parsed by `time.ParseDuration`. + ## If this value doesn't include a unit abbreviation, the units will be assumed + ## to be nanoseconds. + conMaxLifeTime: "120s" + ## cacheImage is the image that the mutating webhook will use to patch + ## cached steps with. Will be used to echo a message announcing that + ## the cached step result will be used. If not set it will default to + ## 'gcr.io/google-containers/busybox' + cacheImage: gcr.io/google-containers/busybox + ## cacheNodeRestrictions the dummy container running if output is cached + ## will run with the same affinity and node selector as the default pipeline + ## step. This is defaulted to 'false' to allow the pod to be scheduled on + ## any node and avoid defaulting to specific nodes. Allowed values are: + ## 'false' and 'true'. 
+ cacheNodeRestrictions: "false" + + # --- + + mlPipeline: + # aka api-server + enabled: true + image: + repository: ml-pipeline/api-server + registryOverwrite: + tagOverwrite: + pullPolicyOverwrite: + resources: + requests: + cpu: 250m + memory: 500Mi + # limits: + # cpu: 500m + # memory: 1024Mi + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + # always use KF Pipeline latest version? + autoUpdatePipelineDefaultVersion: true + + persistenceAgent: + enabled: true + image: + repository: ml-pipeline/persistenceagent + registryOverwrite: + tagOverwrite: + pullPolicyOverwrite: + resources: + requests: + cpu: 120m + memory: 500Mi + # limits: + # cpu: 500m + # memory: 1024Mi + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. 
+ enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + ttlSecondsAfterWorkflowFinish: 86400 + numWorkers: 2 + + scheduledWorkflow: + enabled: true + image: + repository: ml-pipeline/scheduledworkflow + registryOverwrite: + tagOverwrite: + pullPolicyOverwrite: + resources: + # requests: + # cpu: 250m + # memory: 500Mi + # limits: + # cpu: 500m + # memory: 1024Mi + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + cronScheduleTimezone: "UTC" + + ui: + enabled: true + image: + repository: ml-pipeline/frontend + registryOverwrite: + tagOverwrite: + pullPolicyOverwrite: + resources: + requests: + cpu: 10m + memory: 70Mi + # limits: + # cpu: 500m + # memory: 1024Mi + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + # Note from apps/pipeline/upstream/base/installs/multi-user/pipelines-ui/configmap-patch.yaml + # Temporary workarounds: + # 1. 
Using default-editor because default-viewer isn't bound to workload identity + viewerPodServiceAccountName: default-editor + allowCustomVisualizations: true + urlPrefix: /pipeline + + viewerCrd: + enabled: true + image: + repository: ml-pipeline/viewer-crd-controller + registryOverwrite: + tagOverwrite: + pullPolicyOverwrite: + resources: + # requests: + # cpu: + # memory: + # limits: + # cpu: + # memory: + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + maxNumViewers: 50 + + metadataWriter: + enabled: true + image: + repository: ml-pipeline/metadata-writer + registryOverwrite: + tagOverwrite: + pullPolicyOverwrite: + resources: + # requests: + # cpu: + # memory: + # limits: + # cpu: + # memory: + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + + # NOTE: defines istio sidecar injection but it doesn't work + # because it's in an annotation, not pod label. 
+ metadataEnvoy: + enabled: true + image: + repository: ml-pipeline/metadata-envoy + registryOverwrite: + tagOverwrite: + pullPolicyOverwrite: + resources: + # requests: + # cpu: + # memory: + # limits: + # cpu: + # memory: + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + serviceAccount: + create: false + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + + metadataGrpcServer: + enabled: true + image: + repository: tfx-oss-public/ml_metadata_store_server + registryOverwrite: + tagOverwrite: 1.14.0 + pullPolicyOverwrite: + resources: + # requests: + # cpu: + # memory: + # limits: + # cpu: + # memory: + service: + create: true + annotations: + type: ClusterIP + # TODO: investigate if exposing port config to all services makes sense. + port: 8080 + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + urlPrefix: /ml_metadata + + visualization: + enabled: true + image: + repository: ml-pipeline/visualization-server + registryOverwrite: + tagOverwrite: + pullPolicyOverwrite: + resources: + requests: + cpu: 30m + memory: 500Mi + # limits: + # cpu: + # memory: + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. 
+ enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + + # This is metacontroller based implementation that creates instances of + # * Secret/mlpipeline-minio-artifact + # * Deployment/ml-pipeline-ui-artifact + # * Service/ml-pipeline-ui-artifact + # * Deployment/ml-pipeline-visualizationserver + # * Service/ml-pipeline-visualizationserver + # * ConfigMap/kfp-launcher + # * ConfigMap/metadata-grpc-configmap + # * AuthorizationPolicy/ml-pipeline-visualizationserver + # * DestinationRule/ml-pipeline-visualizationserver + profileController: + enabled: true + image: + repository: python + registryOverwrite: docker.io + tagOverwrite: "3.7" + pullPolicyOverwrite: + resources: + # requests: + # cpu: + # memory: + # limits: + # cpu: + # memory: + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. 
+ enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: false + serviceAccount: + create: false + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + disableIstioSidecar: false + + +tensorboard: + enabled: true + controller: + enabled: true + manager: + image: + repository: kubeflownotebookswg/tensorboard-controller + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + # limits: + # cpu: 500m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 64Mi + containerSecurityContext: + allowPrivilegeEscalation: false + config: + rwoPvcScheduling: "True" + tensorboard: + image: + repository: tensorflow/tensorflow + registryOverwrite: + tag: "2.5.1" + kubeRbacProxy: + image: + repository: kubebuilder/kube-rbac-proxy + tag: v0.8.0 + registryOverwrite: gcr.io + pullPolicyOverwrite: + service: + create: true + annotations: + type: ClusterIP + port: 8443 + targetPort: 8443 + resources: + {} + # limits: + # cpu: 500m + # memory: 128Mi + # requests: + # cpu: 5m + # memory: 64Mi + containerSecurityContext: + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. 
+ enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + terminationGracePeriodSeconds: 10 + securityContext: + runAsNonRoot: true + runAsUser: 999 + tensorboardsWebApp: + enabled: true + image: + repository: kubeflownotebookswg/tensorboards-web-app + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + service: + create: true + annotations: + type: ClusterIP + port: 80 + targetPort: 5000 + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + urlPrefix: /tensorboards + secureCookies: true + +trainingOperator: + enabled: true + image: + repository: kubeflow/training-operator + tag: v1-04f9f13 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + service: + create: true + annotations: + type: ClusterIP + webhookServer: + port: 443 + targetPort: 9443 + monitoring: + port: 8080 + targetPort: 8080 + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. 
+ enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + terminationGracePeriodSeconds: 10 + containerSecurityContext: + allowPrivilegeEscalation: false + +modelRegistry: + enabled: true + rest: + image: + repository: kubeflow/model-registry + tag: v0.2.9 + pullPolicy: IfNotPresent + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + containerSecurityContext: + grpc: + image: + registry: gcr.io + repository: tfx-oss-public/ml_metadata_store_server + tag: 1.14.0 + pullPolicy: IfNotPresent + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + containerSecurityContext: + service: + annotations: + type: ClusterIP + restPort: 8080 + grpcPort: 9090 + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + podAnnotations: + # If Database in use is MySQL running incluster and MySQL has Istio Sidecar + # Disabled, the connection to MySQL Server must also run without sidecar. 
+ # Related resources: + # https://istio.io/latest/about/faq/#mysql-with-mtls + # https://github.com/istio/istio/issues/10062 + traffic.sidecar.istio.io/excludeOutboundPorts: "3306" + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + config: + rest: + urlPrefix: /api/model_registry/ + grpc: + urlPrefix: /ml_metadata.MetadataStoreService/ + db: + existingSecretName: + user: + value: root + secretKeyRef: + name: + key: username + password: + value: mysql1234 + secretKeyRef: + name: + key: password + host: + value: mysql + secretKeyRef: + name: + key: host + port: + value: 3306 + secretKeyRef: + name: + key: port + dbName: + value: metadb_model_registry + secretKeyRef: + name: + key: dbName + +networkPolicies: + enabled: true + +# if cert manager is not enabled, we have to use cache-deployer. +# We currently don't support deployments without cert-manager. +certManagerIntegration: + enabled: true + +istioIntegration: + enabled: true + envoyExtAuthzHttpExtensionProviderName: oauth2-proxy + rootNamespace: istio-system + ingressGatewayNamespace: istio-ingress + # Required for KF Profiles Controller to configure + # correct AuthorizationPolicy principal. + ingressGatewayServiceAccountName: istio-ingressgateway + # one of ['ingressgateway', 'granular'] + # * 'ingressgateway' will deploy one AuthorizationPolicy in the namespace where + # istio ingress gateway Pod is being deployed. + # * 'granular' will deploy multiple AuthorizationPolicies with CUSTOM action using auth provider, + # each for component that requires user id. This is an alternative way of setting authentication + # with istio. 'granular' is more secure but more complex. + # NOTE: this is ultimately not supported and should be cleaned up. 
+ authorizationMode: ingressgateway + m2m: + enabled: true + userClaim: sub + groupsClaim: groups + issuer: https://kubernetes.default.svc.cluster.local + userAuth: + userClaim: email + issuer: http://dex.dex.svc.cluster.local:5556/dex + gateway: + name: kubeflow-gateway + selector: + istio: ingressgateway + # TODO: check if this is used + servers: + - hosts: + - "*" + port: + number: 80 + name: http + protocol: HTTP + kubeflowJwksProxy: + enabled: true + +# Both .Values.dexIntegration.enabled and .Values.istioIntegration.enabled has +# to be set to a boolean 'true' in order to create required dex integration +# resources. + +# Automatically creates Istio VirtualService or Ingress objects. +dexIntegration: + enabled: true + svc: + name: dex + port: 5556 + namespace: dex + + # one of: 'internal', 'external' + # * internal - the in-kubernetes svc address will be used as the dex IdP + # Issuer address. + # example: dex.dex.svc.cluster.local + # * external - the .Values.dexIntegration.host will be used as the dex IdP + # Issuer address. + # example: dex.example.com + # Currently only 'internal' is supported. + integrationType: internal + + # One of: 'istio', 'ingress'. + # Currently only 'istio' is supported. + integrationMode: istio + + # 'host' must be set if .Values.dexIntegration.integrationType: external + host: + + # If .Values.dexIntegration.integrationType: internal, dex IdP will be + # available under this relative URL Prefix. + urlPrefix: /dex + + integrationModeConfig: + istio: + ingress: + class: + annotations: + +# Automatically creates Istio VirtualService. +oauth2ProxyIntegration: + enabled: true + urlPrefix: /oauth2 + host: "*" + svc: + name: oauth2-proxy + port: 80 + namespace: oauth2-proxy + +knativeIntegration: + enabled: true + knativeServing: + enabled: true + name: knative-serving + namespace: knative-serving + # Whatever is under .knativeIntegration.knativeServing.operatorSpec will be + # put directly to the KnativeServing CRD under .spec. 
+ operatorSpec: + version: 1.12.4 + ingress: + istio: + enabled: true + knative-ingress-gateway: + selector: + istio: ingressgateway + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" + knative-local-gateway: + selector: + istio: cluster-local-gateway + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" + config: + # Note: The configuration options may be copied out of + # the example blocks, found in each of the supported KNative ConfigMaps. + # For more information, visit official knative operator documentation: + # https://knative.dev/docs/install/operator/configuring-with-operator/ + istio: + gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-ingress.svc.cluster.local" + local-gateway.knative-serving.knative-local-gateway: "cluster-local-gateway.istio-ingress.svc.cluster.local" + external-gateways: | + - name: knative-ingress-gateway + namespace: knative-serving + service: istio-ingressgateway.istio-ingress.svc.cluster.local + + local-gateways: | + - name: knative-local-gateway + namespace: knative-serving + service: cluster-local-gateway.istio-ingress.svc.cluster.local + domain: {} + # example.com: "" + + # Eventing config + knativeEventing: + enabled: false + name: knative-eventing + namespace: knative-eventing + # Whatever is under .knativeIntegration.knativeEventing.operatorSpec will be + # put directly to the KnativeEventing CRD under .spec. + operatorSpec: + version: 1.10.2 diff --git a/packs/kubeflow-1.9.1/charts/metacontroller-4.11.22.tgz b/packs/kubeflow-1.9.1/charts/metacontroller-4.11.22.tgz new file mode 100644 index 00000000..a6f6632d Binary files /dev/null and b/packs/kubeflow-1.9.1/charts/metacontroller-4.11.22.tgz differ diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/.helmignore b/packs/kubeflow-1.9.1/charts/metacontroller/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/metacontroller/.helmignore 
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/Chart.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/Chart.yaml
new file mode 100644
index 00000000..b1c1d902
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/metacontroller/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: metacontroller
+description: A Helm chart for Metacontroller
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 4.11.22
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "4.11.22"
\ No newline at end of file
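Review bot: The new metacontroller `Chart.yaml` has no `home` or `sources` entry, so nothing in the file records where chart version 4.11.22 came from. The matching `charts/metacontroller-4.11.22.tgz` is added as a binary in the same commit and cannot be read in this diff. I would add `home: <UPSTREAM_PROJECT_URL>` and a `sources:` list with `- <UPSTREAM_CHART_SOURCE_URL>` after the `description:` line. I would also record the archive's digest in the pack, so the unpacked `charts/metacontroller/` directory and the `.tgz` can both be checked against the upstream release. The file still carries the scaffold comments about application versus library charts, which suggests it was written locally rather than copied from upstream; if so, the origin is worth stating.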
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/crds/controllers.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/crds/controllers.yaml
new file mode 100644
index 00000000..a5444664
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/metacontroller/crds/controllers.yaml
@@ -0,0 +1,827 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: unapproved, request not yet submitted + controller-gen.kubebuilder.io/version: v0.13.0 + name: compositecontrollers.metacontroller.k8s.io +spec: + group: metacontroller.k8s.io + names: + kind: CompositeController + listKind: CompositeControllerList + plural: compositecontrollers + shortNames: + - cc + - cctl + singular: compositecontroller + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CompositeController + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + childResources: + items: + properties: + apiVersion: + type: string + resource: + type: string + updateStrategy: + properties: + method: + enum: + - OnDelete + - Recreate + - InPlace + - RollingRecreate + - RollingInPlace + type: string + statusChecks: + properties: + conditions: + items: + properties: + reason: + type: string + status: + type: string + type: + type: string + required: + - type + type: object + type: array + type: object + type: object + required: + - apiVersion + - resource + type: object + type: array + generateSelector: + type: boolean + hooks: + properties: + customize: + properties: + version: + default: v1 + enum: + - v1 + - v2 + type: string + webhook: + properties: + etag: + properties: + cacheCleanupSeconds: + format: int32 + type: integer + cacheTimeoutSeconds: + format: int32 + type: integer + enabled: + type: boolean + type: object + path: + type: string + responseUnMarshallMode: + description: Sets the json unmarshall mode. One of the + 'loose' or 'strict'. In 'strict' mode additional checks + are performed to detect unknown and duplicated fields. + enum: + - loose + - strict + type: string + service: + properties: + name: + type: string + namespace: + type: string + port: + format: int32 + type: integer + protocol: + type: string + required: + - name + - namespace + type: object + timeout: + format: duration + type: string + url: + type: string + type: object + type: object + finalize: + properties: + version: + default: v1 + enum: + - v1 + - v2 + type: string + webhook: + properties: + etag: + properties: + cacheCleanupSeconds: + format: int32 + type: integer + cacheTimeoutSeconds: + format: int32 + type: integer + enabled: + type: boolean + type: object + path: + type: string + responseUnMarshallMode: + description: Sets the json unmarshall mode. 
One of the + 'loose' or 'strict'. In 'strict' mode additional checks + are performed to detect unknown and duplicated fields. + enum: + - loose + - strict + type: string + service: + properties: + name: + type: string + namespace: + type: string + port: + format: int32 + type: integer + protocol: + type: string + required: + - name + - namespace + type: object + timeout: + format: duration + type: string + url: + type: string + type: object + type: object + postUpdateChild: + properties: + version: + default: v1 + enum: + - v1 + - v2 + type: string + webhook: + properties: + etag: + properties: + cacheCleanupSeconds: + format: int32 + type: integer + cacheTimeoutSeconds: + format: int32 + type: integer + enabled: + type: boolean + type: object + path: + type: string + responseUnMarshallMode: + description: Sets the json unmarshall mode. One of the + 'loose' or 'strict'. In 'strict' mode additional checks + are performed to detect unknown and duplicated fields. + enum: + - loose + - strict + type: string + service: + properties: + name: + type: string + namespace: + type: string + port: + format: int32 + type: integer + protocol: + type: string + required: + - name + - namespace + type: object + timeout: + format: duration + type: string + url: + type: string + type: object + type: object + preUpdateChild: + properties: + version: + default: v1 + enum: + - v1 + - v2 + type: string + webhook: + properties: + etag: + properties: + cacheCleanupSeconds: + format: int32 + type: integer + cacheTimeoutSeconds: + format: int32 + type: integer + enabled: + type: boolean + type: object + path: + type: string + responseUnMarshallMode: + description: Sets the json unmarshall mode. One of the + 'loose' or 'strict'. In 'strict' mode additional checks + are performed to detect unknown and duplicated fields. 
+ enum: + - loose + - strict + type: string + service: + properties: + name: + type: string + namespace: + type: string + port: + format: int32 + type: integer + protocol: + type: string + required: + - name + - namespace + type: object + timeout: + format: duration + type: string + url: + type: string + type: object + type: object + sync: + properties: + version: + default: v1 + enum: + - v1 + - v2 + type: string + webhook: + properties: + etag: + properties: + cacheCleanupSeconds: + format: int32 + type: integer + cacheTimeoutSeconds: + format: int32 + type: integer + enabled: + type: boolean + type: object + path: + type: string + responseUnMarshallMode: + description: Sets the json unmarshall mode. One of the + 'loose' or 'strict'. In 'strict' mode additional checks + are performed to detect unknown and duplicated fields. + enum: + - loose + - strict + type: string + service: + properties: + name: + type: string + namespace: + type: string + port: + format: int32 + type: integer + protocol: + type: string + required: + - name + - namespace + type: object + timeout: + format: duration + type: string + url: + type: string + type: object + type: object + type: object + parentResource: + properties: + apiVersion: + type: string + labelSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An + empty label selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. 
Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resource: + type: string + revisionHistory: + properties: + fieldPaths: + items: + type: string + type: array + type: object + required: + - apiVersion + - resource + type: object + resyncPeriodSeconds: + format: int32 + type: integer + required: + - parentResource + type: object + status: + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: unapproved, request not yet submitted + controller-gen.kubebuilder.io/version: v0.13.0 + name: controllerrevisions.metacontroller.k8s.io +spec: + group: metacontroller.k8s.io + names: + kind: ControllerRevision + listKind: ControllerRevisionList + plural: controllerrevisions + singular: controllerrevision + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ControllerRevision + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + children: + items: + properties: + apiGroup: + type: string + kind: + type: string + names: + items: + type: string + type: array + required: + - apiGroup + - kind + - names + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + parentPatch: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - parentPatch + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: unapproved, request not yet submitted + controller-gen.kubebuilder.io/version: v0.13.0 + name: decoratorcontrollers.metacontroller.k8s.io +spec: + group: metacontroller.k8s.io + names: + kind: DecoratorController + listKind: DecoratorControllerList + plural: decoratorcontrollers + shortNames: + - dec + - decorators + singular: decoratorcontroller + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: DecoratorController + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachments: + items: + properties: + apiVersion: + type: string + resource: + type: string + updateStrategy: + properties: + method: + enum: + - OnDelete + - Recreate + - InPlace + - RollingRecreate + - RollingInPlace + type: string + type: object + required: + - apiVersion + - resource + type: object + type: array + hooks: + properties: + customize: + properties: + version: + default: v1 + enum: + - v1 + - v2 + type: string + webhook: + properties: + etag: + properties: + cacheCleanupSeconds: + format: int32 + type: integer + cacheTimeoutSeconds: + format: int32 + type: integer + enabled: + type: boolean + type: object + path: + type: string + responseUnMarshallMode: + description: Sets the json unmarshall mode. One of the + 'loose' or 'strict'. In 'strict' mode additional checks + are performed to detect unknown and duplicated fields. 
+ enum: + - loose + - strict + type: string + service: + properties: + name: + type: string + namespace: + type: string + port: + format: int32 + type: integer + protocol: + type: string + required: + - name + - namespace + type: object + timeout: + format: duration + type: string + url: + type: string + type: object + type: object + finalize: + properties: + version: + default: v1 + enum: + - v1 + - v2 + type: string + webhook: + properties: + etag: + properties: + cacheCleanupSeconds: + format: int32 + type: integer + cacheTimeoutSeconds: + format: int32 + type: integer + enabled: + type: boolean + type: object + path: + type: string + responseUnMarshallMode: + description: Sets the json unmarshall mode. One of the + 'loose' or 'strict'. In 'strict' mode additional checks + are performed to detect unknown and duplicated fields. + enum: + - loose + - strict + type: string + service: + properties: + name: + type: string + namespace: + type: string + port: + format: int32 + type: integer + protocol: + type: string + required: + - name + - namespace + type: object + timeout: + format: duration + type: string + url: + type: string + type: object + type: object + sync: + properties: + version: + default: v1 + enum: + - v1 + - v2 + type: string + webhook: + properties: + etag: + properties: + cacheCleanupSeconds: + format: int32 + type: integer + cacheTimeoutSeconds: + format: int32 + type: integer + enabled: + type: boolean + type: object + path: + type: string + responseUnMarshallMode: + description: Sets the json unmarshall mode. One of the + 'loose' or 'strict'. In 'strict' mode additional checks + are performed to detect unknown and duplicated fields. 
+ enum: + - loose + - strict + type: string + service: + properties: + name: + type: string + namespace: + type: string + port: + format: int32 + type: integer + protocol: + type: string + required: + - name + - namespace + type: object + timeout: + format: duration + type: string + url: + type: string + type: object + type: object + type: object + resources: + items: + properties: + annotationSelector: + properties: + matchAnnotations: + additionalProperties: + type: string + type: object + matchExpressions: + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + apiVersion: + type: string + labelSelector: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. 
+ type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resource: + type: string + required: + - apiVersion + - resource + type: object + type: array + resyncPeriodSeconds: + format: int32 + type: integer + required: + - resources + type: object + status: + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrole.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrole.yaml new file mode 100644 index 00000000..1dd5e4e1 --- /dev/null +++ b/packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrole.yaml 
@@ -0,0 +1,32 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubeflow-metacontroller
+rules:
+- apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list", "watch", "update"]
+- apiGroups: [""]
+ resources: ["namespaces/status"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+- apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+ resources: ["deployments"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: [""]
+ resources: ["services"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["networking.istio.io"]
+ resources: ["destinationrules"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["security.istio.io"]
+ resources: ["authorizationpolicies"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["metacontroller.k8s.io"]
+ resources: ["compositecontrollers", "controllerrevisions", "decoratorcontrollers"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..1f7ee8dc
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: meta-controller-cluster-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubeflow-metacontroller
+subjects:
+- kind: ServiceAccount
+ name: meta-controller-service
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
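Review bot: The `secrets`/`configmaps` rule in clusterrole.yaml grants the metacontroller service account get/list/watch/create/update/patch/delete on every Secret in every namespace, and clusterrolebinding.yaml binds it cluster-wide, so a compromise of that one pod exposes all credentials stored in the cluster. Nothing in the hunk records which controller needs Secret access; split `secrets` into its own rule and document it, e.g. `# secrets: required by <controller name> for <purpose>; cluster-wide because profile namespaces are created dynamically`. If the consumers only need ConfigMaps or a known set of Secrets, drop `secrets` from the rule or constrain it with `resourceNames`. The `update` on `namespaces` and the full write access to `authorizationpolicies` deserve the same one-line justification.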
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/templates/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/templates/serviceaccount.yaml
new file mode 100644
index 00000000..57aff05c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/metacontroller/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: meta-controller-service
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/templates/statefulset.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/templates/statefulset.yaml
new file mode 100644
index 00000000..78a7839f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/metacontroller/templates/statefulset.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ labels:
+ app: metacontroller
+ name: metacontroller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: metacontroller
+ serviceName: ""
+ template:
+ metadata:
+ labels:
+ app: metacontroller
+ sidecar.istio.io/inject: "false"
+ spec:
+ containers:
+ - resources:
+ limits:
+ cpu: '1'
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ command: ["/usr/bin/metacontroller"]
+ args:
+ - --zap-log-level=4
+ - --discovery-interval=3600s
+ livenessProbe:
+ httpGet:
+ port: 8081
+ path: /healthz
+ readinessProbe:
+ httpGet:
+ port: 8081
+ path: /readyz
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ privileged: false
+ allowPrivilegeEscalation: false
+ name: metacontroller
+ image: 'ghcr.io/metacontroller/metacontroller:v4.11.22'
+ serviceAccountName: meta-controller-service
+ # Workaround for https://github.com/kubernetes-sigs/kustomize/issues/677
+ volumeClaimTemplates: []
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/values_lint.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/values_lint.yaml
new file mode 100644
index 00000000..e69de29b
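Review bot: The container image in statefulset.yaml is referenced by mutable tag only (`ghcr.io/metacontroller/metacontroller:v4.11.22`), while the pod runs as `meta-controller-service`, the account bound to the cluster-wide `kubeflow-metacontroller` role, so whatever the tag resolves to at pull time inherits that access. Pin the digest next to the tag, `image: 'ghcr.io/metacontroller/metacontroller:v4.11.22@sha256:<digest-of-reviewed-image>'`. The image is also hard-coded, so a mirrored or air-gapped registry cannot be selected without editing the template; exposing it as a chart value would fix that.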
diff --git a/packs/kubeflow-1.9.1/charts/profile-0.1.0.tgz b/packs/kubeflow-1.9.1/charts/profile-0.1.0.tgz
new file mode 100644
index 00000000..96412641
Binary files /dev/null and b/packs/kubeflow-1.9.1/charts/profile-0.1.0.tgz differ
diff --git a/packs/kubeflow-1.9.1/charts/profile/.helmignore b/packs/kubeflow-1.9.1/charts/profile/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packs/kubeflow-1.9.1/charts/profile/Chart.yaml b/packs/kubeflow-1.9.1/charts/profile/Chart.yaml
new file mode 100644
index 00000000..633fac13
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: profile
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/packs/kubeflow-1.9.1/charts/profile/templates/_helpers.tpl b/packs/kubeflow-1.9.1/charts/profile/templates/_helpers.tpl
new file mode 100644
index 00000000..c6f57c0c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "profile.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "profile.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "profile.labels" -}}
+helm.sh/chart: {{ include "profile.chart" . }}
+{{ include "profile.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Common selector labels
+*/}}
+{{- define "profile.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "profile.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Resource Names.
+*/}}
+{{- define "profile.authorizationpolicy.name" -}}
+{{- printf "%s-%s" "ext-auth" .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+{{- end }}
+
+{{/*
+Parse user email.
+*/}}
+{{- define "profile.parseUserEmail" -}}
+{{- $email := . }}
+{{- $pattern := "[.@_]" }}
+{{- $replacement := "-" }}
+{{- $modifiedEmail := regexReplaceAll $pattern $email $replacement }}
+{{- printf "%s-%s" "user" (lower $modifiedEmail) }}
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.contributor.yaml b/packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.contributor.yaml
new file mode 100644
index 00000000..26f90356
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.contributor.yaml
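Review bot: `profile.parseUserEmail` is not injective: it rewrites `.`, `@` and `_` to `-` and lower-cases the result, so two different contributors (constructed example: `a.b@example.com` and `a_b@example.com`) yield the same RoleBinding name in rolebinding.contributor.yaml, and one binding replaces or blocks the other. Keep the readable prefix but append a short hash of the untouched input, e.g. `{{- printf "user-%s-%s" (lower $modifiedEmail | trunc 40) (sha256sum $email | trunc 8) }}`. If the name has to stay compatible with bindings created elsewhere in Kubeflow, keep the format and instead reject duplicate rendered names with `fail`. Characters outside `[.@_]` pass through unchanged, which deserves a line in the helper's comment.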
@@ -0,0 +1,28 @@
+{{- if .Values.istioIntegration.enabled -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ labels:
+ {{- include "profile.labels" . | nindent 4 }}
+ name: contributors
+ namespace: {{ .Release.Name }}
+spec:
+ rules:
+ - when:
+ - key: request.headers[{{ .Values.auth.userHeaderName }}]
+ values:
+ {{- range $i, $val := (.Values.contributors | default list) }}
+ - {{ $val }}
+ {{- end }}
+ {{/*
+ Currently the AuthorizationPolicy ns-owner-access-istio created by profiles-controller
+ specifies that user can only route through a istio-ingressgateway-service-account SA.
+ This SA name is deprecated. This AuthorizationPolicy defines more granular access and
+ has to specify access for the owner as well because of the SA mismatch.
+ */}}
+ {{- with (.Values.owner | default dict).name }}
+ - {{ . }}
+ {{- end -}}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.ext-auth.yaml b/packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.ext-auth.yaml
new file mode 100644
index 00000000..e3b688cf
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.ext-auth.yaml
@@ -0,0 +1,20 @@
+{{- if and
+ .Values.istioIntegration.enabled
+ .Values.istioIntegration.createExtAuthHttpAuthorizationPolicy
+-}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ labels:
+ {{- include "profile.labels" . | nindent 4 }}
+ name: {{ include "profile.authorizationpolicy.name" . }}
+ namespace: {{ .Release.Name }}
+spec:
+ action: CUSTOM
+ provider:
+ name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+ rules:
+ - {}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/profile/templates/profile.yaml b/packs/kubeflow-1.9.1/charts/profile/templates/profile.yaml
new file mode 100644
index 00000000..19540213
--- /dev/null
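Review bot: The `contributors` AuthorizationPolicy in authorizationpolicy.contributor.yaml authorises on the value of `request.headers[{{ .Values.auth.userHeaderName }}]` alone; the rule has no `from` clause, so it matches any caller that presents a listed user id, not only traffic that passed the authenticating gateway. Its integrity therefore rests on the separate ext-auth CUSTOM policy, which can be switched off with `createExtAuthHttpAuthorizationPolicy`. Add a source restriction to the rule (`from:` / `- source:` / `principals: [<ingress gateway service-account principal>]`, taken from a chart value), or make the template `fail` when the ext-auth policy is disabled. Also quote the rendered entries, `- {{ $val | quote }}`; with no contributors and no owner the `values:` key renders with no items, which should be rejected at render time.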
+++ b/packs/kubeflow-1.9.1/charts/profile/templates/profile.yaml
@@ -0,0 +1,21 @@
+apiVersion: kubeflow.org/v1
+kind: Profile
+metadata:
+ labels:
+ {{- include "profile.labels" . | nindent 4 }}
+ name: {{ .Release.Name }}
+spec:
+ {{- with .Values.owner }}
+ owner:
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+
+ {{- with .Values.resourceQuotaSpec }}
+ resourceQuotaSpec:
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+
+ {{- with .Values.plugins }}
+ plugins:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/profile/templates/rolebinding.contributor.yaml b/packs/kubeflow-1.9.1/charts/profile/templates/rolebinding.contributor.yaml
new file mode 100644
index 00000000..892fe532
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/templates/rolebinding.contributor.yaml
@@ -0,0 +1,26 @@
+{{ $namespace := .Release.Name }}
+{{ $role := "edit" }}
+{{ $clusterRoleName := "kubeflow-edit" }}
+
+{{- range $i, $contributor := .Values.contributors }}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "profile.labels" $ | nindent 4 }}
+ annotations:
+ role: {{ $role }}
+ user: {{ $contributor }}
+ name: {{ include "profile.parseUserEmail" $contributor }}
+ namespace: {{ $namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $clusterRoleName }}
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: User
+ name: {{ $contributor }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/profile/values_lint.yaml b/packs/kubeflow-1.9.1/charts/profile/values_lint.yaml
new file mode 100644
index 00000000..426cb137
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/values_lint.yaml
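Review bot: `spec.owner` in profile.yaml is wrapped in `{{- with .Values.owner }}`, so an unset or empty owner (the pack's values.yaml ships `owner: {}` with the comment "You must specify something here") silently renders a Profile with no owner instead of stopping the install. Make the requirement explicit at the top of the template: `{{- $_ := required "owner.name must be set" (.Values.owner | default dict).name }}`. values_lint.yaml leaves `owner:` empty as well, so it would need a sample owner for lint to keep passing.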
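Review bot: The `range` over `.Values.contributors` in rolebinding.contributor.yaml emits no YAML document separator, so with two or more contributors the RoleBindings are concatenated into one document with repeated `apiVersion`/`kind`/`metadata` keys, and the chart either fails to parse or produces a single binding instead of one per user. Put `---` as the first line inside the loop, directly after `{{- range $i, $contributor := .Values.contributors }}`. The contributor string is also interpolated unquoted into `annotations.user` and the subject `name`; render it as `{{ $contributor | quote }}` so a value containing `:` or `#` cannot change the structure of the manifest.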
@@ -0,0 +1,28 @@
+nameOverride: ""
+
+plugins:
+# - kind: AwsIamForServiceAccount
+# spec:
+# awsIamRole: arn:aws:iam::account-id:role/s3-reader
+
+owner:
+ # kind: User
+ # name: test-user@kubeflow.org
+
+resourceQuotaSpec:
+
+istioIntegration:
+ enabled: true
+ createExtAuthHttpAuthorizationPolicy: true
+ envoyExtAuthzHttpExtensionProviderName: oauth2-proxy
+
+auth:
+ userHeaderName: kubeflow-userid
+
+# Currently not used
+# kubeflowClusterRoleNames:
+# edit: kubeflow-edit
+# view: kubeflow-view
+
+contributors:
+# - user@example.com
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/logo.png b/packs/kubeflow-1.9.1/logo.png
new file mode 100644
index 00000000..f29aa94b
Binary files /dev/null and b/packs/kubeflow-1.9.1/logo.png differ
diff --git a/packs/kubeflow-1.9.1/pack.json b/packs/kubeflow-1.9.1/pack.json
new file mode 100644
index 00000000..d9b6a272
--- /dev/null
+++ b/packs/kubeflow-1.9.1/pack.json
@@ -0,0 +1,20 @@
+{
+ "addonType":"ai",
+ "annotations": {
+ "source": "community",
+ "contributor" : "spectrocloud"
+ },
+ "cloudTypes": [
+ "all"
+ ],
+ "displayName": "Kubeflow",
+ "charts": [
+ "charts/metacontroller-4.11.22.tgz",
+ "charts/kubeflow-0.5.1.tgz",
+ "charts/kserve-0.13.0.tgz",
+ "charts/profile-0.1.0.tgz"
+ ],
+ "layer": "addon",
+ "name": "kubeflow",
+ "version": "1.9.1"
+}
diff --git a/packs/kubeflow-1.9.1/values.yaml b/packs/kubeflow-1.9.1/values.yaml
new file mode 100644
index 00000000..714e7383
--- /dev/null
+++ b/packs/kubeflow-1.9.1/values.yaml
@@ -0,0 +1,2097 @@ +pack: + content: + images: [] + namespace: kubeflow + releaseNameOverride: + kubeflow: kubeflow + profile: kubeflow-profile +charts: + kserve: {} + metacontroller: {} + profile: + nameOverride: "" + + plugins: [] + # - kind: AwsIamForServiceAccount + # spec: + # awsIamRole: arn:aws:iam::account-id:role/s3-reader + + owner: {} # You must specify something here + # kind: User + # name: test-user@kubeflow.org + + resourceQuotaSpec: {} + + istioIntegration: + enabled: true + createExtAuthHttpAuthorizationPolicy: true + envoyExtAuthzHttpExtensionProviderName: oauth2-proxy + + auth: + userHeaderName: kubeflow-userid + + # Currently not used + # kubeflowClusterRoleNames: + # edit: kubeflow-edit + # view: kubeflow-view + + contributors: [] # You must specify something here + # - user@example.com + + kubeflow: + # NOTE: try disabling cache in the ml-pipeline + # or, try using newer version + + # This namespace allows you to define where the services will be installed into + # if not set then they will use the namespace of the release + # This is helpful when installing Kubeflow as a chart dependency (sub chart). + namespace: "" + + # one of ['cluster', 'namespace'] + # 'namespace' is not yet fully supported. + # Maybe rename to 'deploymentScope'? + deploymentMode: cluster + + imagePullSecrets: [] + nameOverride: "" + fullnameOverride: "" + + auth: + userHeaderName: kubeflow-userid + groupsHeaderName: kubeflow-groups + authHeader: + name: Authorization + prefix: "Bearer " + userIdPrefix: "" + + clusterDomain: cluster.local + + defaults: + image: + registry: docker.io + pullPolicy: IfNotPresent + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. 
+ enabled: false + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 + podDisruptionBudget: {} + nodeSelector: {} + tolerations: [] + affinity: {} + topologySpreadConstraints: + terminationGracePeriodSeconds: + containerSecurityContext: + + admissionWebhook: + enabled: true + image: + repository: kubeflownotebookswg/poddefaults-webhook + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + service: + create: true + annotations: + type: ClusterIP + port: 443 + targetPort: 4443 + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + + centraldashboard: + enabled: true + image: + repository: kubeflownotebookswg/centraldashboard + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + # This enables the automatic profile creation. 
+ enableRegistrationFlow: false + logoutURL: "/oauth2/sign_out" + forceIFrame: true + links: + externalLinks: + menuLinks: + - type: item + link: /jupyter/ + text: Notebooks + icon: book + + - type: item + link: /tensorboards/ + text: Tensorboards + icon: assessment + + - type: item + link: /volumes/ + text: Volumes + icon: device:storage + + - type: item + link: /katib/ + text: Katib Experiments + icon: kubeflow:katib + + - type: item + link: /kserve-endpoints/ + text: KServe Endpoints + icon: kubeflow:models + + - icon: kubeflow:pipeline-centered + items: + - type: item + text: Pipelines + link: /pipeline/#/pipelines + + - type: item + text: Experiments + link: /pipeline/#/experiments + + - type: item + text: Runs + link: /pipeline/#/runs + + - type: item + text: Recurring Runs + link: /pipeline/#/recurringruns + + - type: item + text: Artifacts + link: /pipeline/#/artifacts + + - type: item + text: Executions + link: /pipeline/#/executions + text: Pipelines + type: section + quickLinks: + - text: Create a new Notebook + desc: Kubeflow Notebooks + link: /jupyter/new + - text: Upload a Pipeline + desc: Kubeflow Pipelines + link: /pipeline/#/pipelines + - text: View Pipeline Runs + desc: Notebook Servers + link: /pipeline/#/runs + documentationItems: + - text: Kubeflow Website + desc: The Kubeflow website + link: https://www.kubeflow.org/ + - text: Kubeflow Pipelines Documentation + desc: Documentation for Kubeflow Pipelines + link: https://www.kubeflow.org/docs/components/pipelines/ + - text: Kubeflow Notebooks Documentation + desc: Documentation for Kubeflow Notebooks + link: https://www.kubeflow.org/docs/components/notebooks/ + - text: Kubeflow Training Operator Documentation + desc: Documentation for Kubeflow Training Operator + link: https://www.kubeflow.org/docs/components/training/" + - text: Katib Documentation + desc: Documentation for Katib + link: https://www.kubeflow.org/docs/components/katib/ + + notebooks: + enabled: true + jupyterWebApp: + enabled: 
true + image: + repository: kubeflownotebookswg/jupyter-web-app + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + service: + create: true + annotations: + type: ClusterIP + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + # TODO: embed into config + urlPrefix: /jupyter + uiFlavor: default + secureCookies: true + logos: + # if this is defined, the configmap with logos will not be created but + # the one provided with customConfigMap will be used. + customConfigMap: + # if below values are defined, those will be used for the icons + # instead of defaults + icons: + jupyterIconSvg: + jupyterLabLogoSvg: + groupOneIconSvg: + groupOneLogoSvg: + groupTwoIconSvg: + groupTwoLogoSvg: + spawnerFormDefaults: + # -------------------------------------------------------------- + # Configuration file for the Kubeflow Notebooks UI. 
+ #
+ # About the `readOnly` configs:
+ # - when `readOnly` is set to "true", the respective option
+ # will be disabled for users and only set by the admin
+ # - when 'readOnly' is missing, it defaults to 'false'
+ # --------------------------------------------------------------
+
+ ################################################################
+ # Container Images
+ ################################################################
+ # if users can input custom images, or only select from dropdowns
+ allowCustomImage: true
+
+ # if the registry of the container image is hidden from display
+ hideRegistry: true
+
+ # if the tag of the container image is hidden from display
+ hideTag: false
+
+ # configs for the ImagePullPolicy
+ imagePullPolicy:
+ readOnly: false
+
+ # the default ImagePullPolicy
+ # (possible values: "Always", "IfNotPresent", "Never")
+ value: IfNotPresent
+
+ ################################################################
+ # Jupyter-like Container Images
+ #
+ # NOTES:
+ # - the `image` section is used for "Jupyter-like" apps whose
+ # HTTP path is configured by the "NB_PREFIX" environment variable
+ ################################################################
+ image:
+ # the default container image
+ value: kubeflownotebookswg/jupyter-scipy:v1.9.2
+
+ # the list of available container images in the dropdown
+ options:
+ - kubeflownotebookswg/jupyter-scipy:v1.9.2
+ - kubeflownotebookswg/jupyter-pytorch-full:v1.9.2
+ - kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.9.2
+ - kubeflownotebookswg/jupyter-tensorflow-full:v1.9.2
+ - kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.9.2
+
+ ################################################################
+ # VSCode-like Container Images (Group 1)
+ #
+ # NOTES:
+ # - the `imageGroupOne` section is used for "VSCode-like" apps that
+ # expose themselves under the HTTP root path "/" and support path
+ # rewriting without breaking
+ # - the annotation `notebooks.kubeflow.org/http-rewrite-uri: "/"` is
+ # set on Notebooks spawned by this group, to make Istio rewrite
+ # the path of HTTP requests to the HTTP root
+ ################################################################
+ imageGroupOne:
+ # the default container image
+ value: kubeflownotebookswg/codeserver-python:v1.9.2
+
+ # the list of available container images in the dropdown
+ options:
+ - kubeflownotebookswg/codeserver-python:v1.9.2
+
+ ################################################################
+ # RStudio-like Container Images (Group 2)
+ #
+ # NOTES:
+ # - the `imageGroupTwo` section is used for "RStudio-like" apps whose
+ # HTTP path is configured by the "X-RStudio-Root-Path" header
+ # - the annotation `notebooks.kubeflow.org/http-rewrite-uri: "/"` is
+ # set on Notebooks spawned by this group, to make Istio rewrite
+ # the path of HTTP requests to the HTTP root
+ # - the annotation `notebooks.kubeflow.org/http-headers-request-set` is
+ # set on Notebooks spawned by this group, such that Istio injects the
+ # "X-RStudio-Root-Path" header to all request
+ ################################################################
+ imageGroupTwo:
+ # the default container image
+ value: kubeflownotebookswg/rstudio-tidyverse:v1.9.2
+
+ # the list of available container images in the dropdown
+ options:
+ - kubeflownotebookswg/rstudio-tidyverse:v1.9.2
+
+ ################################################################
+ # CPU Resources
+ ################################################################
+ cpu:
+ readOnly: false
+
+ # the default cpu request for the container
+ value: "0.5"
+
+ # a factor by which to multiply the CPU request calculate the cpu limit
+ # (to disable cpu limits, set as "none")
+ limitFactor: "1.2"
+
+ ################################################################
+ # Memory Resources
+ ################################################################
+ memory:
+ readOnly: false
+
+ # the default memory request for the container
+ value: "1.0Gi"
+
+ # a factor by which to multiply the memory request calculate the memory limit
+ # (to disable memory limits, set as "none")
+ limitFactor: "1.2"
+
+ ################################################################
+ # GPU/Device-Plugin Resources
+ ################################################################
+ gpus:
+ readOnly: false
+
+ # configs for gpu/device-plugin limits of the container
+ # https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/#using-device-plugins
+ value:
+ # the `limitKey` of the default vendor
+ # (to have no default, set as "")
+ vendor: ""
+
+ # the list of available vendors in the dropdown
+ # `limitsKey` - what will be set as the actual limit
+ # `uiName` - what will be displayed in the dropdown UI
+ vendors:
+ - limitsKey: "nvidia.com/gpu"
+ uiName: "NVIDIA"
+ - limitsKey: "amd.com/gpu"
+ uiName: "AMD"
+
+ # the default value of the limit
+ # (possible values: "none", "1", "2", "4", "8")
+ num: "none"
+
+ ################################################################
+ # Workspace Volumes
+ ################################################################
+ workspaceVolume:
+ readOnly: false
+
+ # the default workspace volume to be created and mounted
+ # (to have no default, set `value: null`)
+ value:
+ mount: /home/jovyan
+
+ # pvc configs for creating new workspace volumes
+ # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core
+ newPvc:
+ metadata:
+ # "{notebook-name}" is replaced with the Notebook name
+ name: "{notebook-name}-workspace"
+ spec:
+ # storageClassName: my-storage-class
+ resources:
+ requests:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteOnce
+
+ ################################################################
+ # Data Volumes
+ ################################################################
+ dataVolumes:
+ readOnly: false
+
+ # a list of additional data volumes to be created and/or mounted
+ value: []
+ # value:
+ # - mount: /home/jovyan/datavol-1
+ # newPvc:
+ # metadata:
+ # name: "{notebook-name}-datavol-1"
+ # spec:
+ # resources:
+ # requests:
+ # storage: 5Gi
+ # accessModes:
+ # - ReadWriteOnce
+ #
+ # - mount: /home/jovyan/datavol-1
+ # existingSource:
+ # persistentVolumeClaim:
+ # claimName: "test-pvc"
+
+ ################################################################
+ # Affinity
+ ################################################################
+ affinityConfig:
+ readOnly: false
+
+ # the `configKey` of the default affinity config
+ # (to have no default, set as "")
+ # (if `readOnly`, the default `value` will be the only accessible option)
+ value: ""
+
+ # the list of available affinity configs in the dropdown
+ options: []
+ # options:
+ # - configKey: "dedicated_node_per_notebook"
+ # displayName: "Dedicated Node Per Notebook"
+ # affinity:
+ # # Require a Node with label `lifecycle=kubeflow-notebook`
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: "lifecycle"
+ # operator: "In"
+ # values:
+ # - "kubeflow-notebook"
+ #
+ # # Require a Node WITHOUT an existing Pod having `notebook-name` label
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - labelSelector:
+ # matchExpressions:
+ # - key: "notebook-name"
+ # operator: "Exists"
+ # topologyKey: "kubernetes.io/hostname"
+ # # WARNING: `namespaceSelector` is Beta in 1.22 and Stable in 1.24,
+ # # setting to {} is required for affinity to work across Namespaces
+ # namespaceSelector: {}
+
+ ################################################################
+ # Tolerations
+ ################################################################
+ tolerationGroup:
+ readOnly: false
+
+ # the `groupKey` of the default toleration group
+ # (to have no default, set as "")
+ # (if `readOnly`, the default `value` will be the only accessible option)
+ value: ""
+
+ # the list of available toleration groups in the dropdown
+ options: []
+ # options:
+ # - groupKey: "group_1"
+ # displayName: "4 CPU 8Gb Mem at ~$X.XXX USD per day"
+ # tolerations:
+ # - key: "dedicated"
+ # operator: "Equal"
+ # value: "kubeflow-c5.xlarge"
+ # effect: "NoSchedule"
+ #
+ # - groupKey: "group_2"
+ # displayName: "8 CPU 16Gb Mem at ~$X.XXX USD per day"
+ # tolerations:
+ # - key: "dedicated"
+ # operator: "Equal"
+ # value: "kubeflow-c5.2xlarge"
+ # effect: "NoSchedule"
+ #
+ # - groupKey: "group_3"
+ # displayName: "16 CPU 32Gb Mem at ~$X.XXX USD per day"
+ # tolerations:
+ # - key: "dedicated"
+ # operator: "Equal"
+ # value: "kubeflow-c5.4xlarge"
+ # effect: "NoSchedule"
+ #
+ # - groupKey: "group_4"
+ # displayName: "32 CPU 256Gb Mem at ~$X.XXX USD per day"
+ # tolerations:
+ # - key: "dedicated"
+ # operator: "Equal"
+ # value: "kubeflow-r5.8xlarge"
+ # effect: "NoSchedule"
+
+ ################################################################
+ # Shared Memory
+ ################################################################
+ shm:
+ readOnly: false
+
+ # the default state of the "Enable Shared Memory" toggle
+ value: true
+
+ ################################################################
+ # PodDefaults
+ ################################################################
+ configurations:
+ readOnly: false
+
+ # the list of PodDefault names that are selected by default
+ # (take care to ensure these PodDefaults exist in Profile Namespaces)
+ value: []
+ # value:
+ # - my-pod-default
+
+ ################################################################
+ # Environment
+ #
+ # NOTE:
+ # - these configs are only used by the ROK "flavor" of the UI
+ ################################################################
+ environment:
+ readOnly: false
+ value: {}
+ controller:
+ enabled: true
+ image:
+ repository: kubeflownotebookswg/notebook-controller
+ tag: v1.9.2
+ registryOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+ culling:
+ enabled: false
+ idleTimeMinutes: 1440
+ idleCheckPeriodMinutes: 1
+ volumesWebApp:
+ enabled: true
+ image:
+ repository: kubeflownotebookswg/volumes-web-app
+ tag: v1.9.2
+ registryOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+ urlPrefix: /volumes
+ secureCookies: true
+ viewer:
+ image:
+ repository: filebrowser/filebrowser
+ tag: v2.25.0
+ registryOverwrite:
+ pullPolicyOverwrite:
+ serviceAccountName: default-editor
+ pvcviewerController:
+ enabled: true
+ manager:
+ image:
+ repository: kubeflownotebookswg/pvcviewer-controller
+ tag: v1.9.2
+ registryOverwrite:
+ pullPolicyOverwrite:
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ webhook:
+ port: 9443
+ resources:
+ {}
+ # limits:
+ # cpu: 500m
+ # memory: 128Mi
+ # requests:
+ # cpu: 10m
+ # memory: 64Mi
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ kubeRbacProxy:
+ image:
+ repository: kubebuilder/kube-rbac-proxy
+ tag: v0.13.1
+ registryOverwrite: gcr.io
+ pullPolicyOverwrite:
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ resources:
+ {}
+ # limits:
+ # cpu: 500m
+ # memory: 128Mi
+ # requests:
+ # cpu: 5m
+ # memory: 64Mi
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ - ppc64le
+ - s390x
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ topologySpreadConstraints:
+ terminationGracePeriodSeconds: 10
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+
+ kserveModelsWebApp:
+ enabled: true
+ image:
+ repository: kserve/models-web-app
+ tag: v0.13.0
+ registryOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ rbac:
+ create: true
+ config:
+ urlPrefix: /kserve-endpoints
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+
+ profilesController:
+ enabled: true
+ kfam:
+ image:
+ repository: kubeflownotebookswg/kfam
+ tag: v1.9.2
+ registryOverwrite:
+ pullPolicyOverwrite:
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ config:
+ urlPrefix: /kfam
+ manager:
+ image:
+ repository: kubeflownotebookswg/profile-controller
+ tag: v1.9.2
+ registryOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+ admin:
+ workloadIdentity:
+ defaultNamespaceLabels:
+ # Below is a list of labels to be set by default.
+ #
+ # To add a namespace label, use `key: 'value'`, for example:
+ # istio.io/rev: 'asm-191-1'
+ #
+ # To remove a namespace label, use `key: ''`. For example:
+ # istio-injection: ''
+ #
+ # Profile controller will not replace a namespace label if its key already
+ # exists. If you want to override the value of a previously applied label, you
+ # need to:
+ # 1. Remove the label by using `key: ''` and deploy.
+ # 2. Add the label by using `key: 'value'` and deploy.
+ #
+ katib.kubeflow.org/metrics-collector-injection: "enabled"
+ serving.kubeflow.org/inferenceservice: "enabled"
+ pipelines.kubeflow.org/enabled: "true"
+ app.kubernetes.io/part-of: "kubeflow-profile"
+ extraNamespaceLabels:
+
+ katib:
+ urlPrefix: /katib
+ enabled: true
+ controller:
+ enabled: true
+ name: katib-controller
+ image:
+ repository: kubeflowkatib/katib-controller
+ tag: v0.17.0
+ registryOverwrite:
+ pullPolicyOverwrite:
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ service:
+ create: true
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
+
+ webhook:
+ port: 443
+ targetPort: 8443
+ metrics:
+ port: 8080
+ targetPort: 8080
+ healthz:
+ port: 18080
+ targetPort: 18080
+
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ dbmanager:
+ enabled: true
+ name: katib-db-manager
+ image:
+ repository: kubeflowkatib/katib-db-manager
+ tag: v0.17.0
+ registryOverwrite:
+ pullPolicyOverwrite:
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ annotations:
+ sidecar.istio.io/inject: "false"
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ config:
+ db:
+ existingSecretName:
+ driver:
+ value: mysql
+ secretKeyRef:
+ name:
+ key: driver
+ host:
+ value: katib-db
+ secretKeyRef:
+ name:
+ key: host
+ port:
+ value: 3306
+ secretKeyRef:
+ name:
+ key: port
+ databaseName:
+ value: katib
+ secretKeyRef:
+ name:
+ key: databaseName
+ user:
+ value: root
+ secretKeyRef:
+ name:
+ key: username
+ password:
+ value: katib1234
+ secretKeyRef:
+ name:
+ key: password
+ ui:
+ enabled: true
+ name: katib-ui
+ urlPrefix: /katib
+ image:
+ repository: kubeflowkatib/katib-ui
+ tag: v0.17.0
+ registryOverwrite:
+ pullPolicyOverwrite:
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ service:
+ create: true
+ annotations:
+ istioIntegration:
+ create: true
+ enabled: true
+ authorizationMode: ingressgateway
+ gateway:
+ name: kubeflow-gateway
+ config:
+ init:
+ trialResources:
+ - Job.v1.batch
+ - TFJob.v1.kubeflow.org
+ - PyTorchJob.v1.kubeflow.org
+ - MPIJob.v1.kubeflow.org
+ - XGBoostJob.v1.kubeflow.org
+ - MXJob.v1.kubeflow.org
+ runtime:
+ metricsCollectors:
+ - kind: StdOut
+ image: docker.io/kubeflowkatib/file-metrics-collector:v0.17.0
+ - kind: File
+ image: docker.io/kubeflowkatib/file-metrics-collector:v0.17.0
+ - kind: TensorFlowEvent
+ image: docker.io/kubeflowkatib/tfevent-metrics-collector:v0.17.0
+ resources:
+ limits:
+ memory: 1Gi
+ suggestions:
+ - algorithmName: random
+ image: docker.io/kubeflowkatib/suggestion-hyperopt:v0.17.0
+ - algorithmName: tpe
+ image: docker.io/kubeflowkatib/suggestion-hyperopt:v0.17.0
+ - algorithmName: grid
+ image: docker.io/kubeflowkatib/suggestion-optuna:v0.17.0
+ - algorithmName: hyperband
+ image: docker.io/kubeflowkatib/suggestion-hyperband:v0.17.0
+ - algorithmName: bayesianoptimization
+ image: docker.io/kubeflowkatib/suggestion-skopt:v0.17.0
+ - algorithmName: cmaes
+ image: docker.io/kubeflowkatib/suggestion-goptuna:v0.17.0
+ - algorithmName: sobol
+ image: docker.io/kubeflowkatib/suggestion-goptuna:v0.17.0
+ - algorithmName: multivariate-tpe
+ image: docker.io/kubeflowkatib/suggestion-optuna:v0.17.0
+ - algorithmName: enas
+ image: docker.io/kubeflowkatib/suggestion-enas:v0.17.0
+ resources:
+ limits:
+ memory: 200Mi
+ - algorithmName: darts
+ image: docker.io/kubeflowkatib/suggestion-darts:v0.17.0
+ - algorithmName: pbt
+ image: docker.io/kubeflowkatib/suggestion-pbt:v0.17.0
+ persistentVolumeClaimSpec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 5Gi
+ earlyStoppings:
+ - algorithmName: medianstop
+ image: docker.io/kubeflowkatib/earlystopping-medianstop:v0.17.0
+
+ # TODO: verify patches in apps/pipeline/upstream/base/installs/multi-user
+ pipelines:
+ enabled: true
+ # NOTE: The Kubeflow Pipelines subcomponents contains special handling. It
+ # will first apply the global .Values.defaults.image, then look for
+ # .Values.pipelines.defaults.image and lastly for .Values.pipelines..image.
+ # This is primarily useful for setting global registry or Pipelines Container Tag.
+ defaults:
+ image:
+ registry: gcr.io
+ tag: 2.3.0
+ pullPolicy: IfNotPresent
+ config:
+ # If this is empty, the kfp backend will automatically configure that with:
+ # "minio://mlpipeline/v2/artifacts"
+ # Please see the following links for referece:
+ # * <=2.1.0: https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/config/env.go#L33
+ # * >=2.2.0: https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L36
+ #
+ # If we want to use s3, we should configure this with something similar to:
+ # s3://mlpipeline/v2/artifacts
+ #
+ # In 2.2.0 it's also possible to define bucket 'providers', which can be minio, s3 or gcs:
+ # * https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L45
+ # * https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L151
+ # * https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/s3.go#L24
+ defaultPipelineRoot: ""
+
+ objectStore:
+ # The Secret Name 'mlpipeline-minio-artifact' is currently hardcoded:
+ # * <=2.1.0:
+ # https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L292
+ # * >=2.2.0 (state as of 2nd May 2024)
+ # https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L39
+ #
+ # It's only possible to use either nil or 'mlpipeline-minio-artifact' for
+ # * .Values.pipelines.config.objectStore.existingSecretName
+ # * .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name
+ # * .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name
+ #
+ # If the Secret Name is not provided in neither of the following, it will
+ # be created with plaintext values for compatibility:
+ # * .Values.pipelines.config.objectStore.existingSecretName
+ # * .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name
+ # * .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name
+ existingSecretName:
+ accessKey:
+ value: minio
+ secretKeyRef:
+ name:
+ # The Secret Key 'accesskey' is currently hardcoded:
+ # https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L324
+ # https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L42
+ key: accesskey
+ secretAccessKey:
+ value: minio123
+ secretKeyRef:
+ name:
+ # The Secret Key 'secretkey' is currently hardcoded:
+ # https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L325
+ # https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L41
+ key: secretkey
+ host:
+ value: pipelines-minio
+ secretKeyRef:
+ name:
+ key: host
+ port:
+ value: 9000
+ secretKeyRef:
+ name:
+ key: port
+ region:
+ value:
+ secretKeyRef:
+ name:
+ key: region
+ secure:
+ value: false
+ secretKeyRef:
+ name:
+ key: secure
+ bucketName:
+ value: mlpipeline
+ secretKeyRef:
+ name:
+ key: bucketName
+
+ db:
+ existingSecretName:
+ user:
+ value: root
+ secretKeyRef:
+ name:
+ key: username
+ password:
+ value: mysql1234
+ secretKeyRef:
+ name:
+ key: password
+ host:
+ value: pipelines-db
+ secretKeyRef:
+ name:
+ key: host
+ port:
+ value: 3306
+ secretKeyRef:
+ name:
+ key: port
+ mlmdDatabaseName:
+ value: metadb
+ secretKeyRef:
+ name:
+ key: mlmdDatabaseName
+ pipelineDatabaseName:
+ value: mlpipeline
+ secretKeyRef:
+ name:
+ key: pipelineDatabaseName
+ cacheDatabaseName:
+ value: cachedb
+ secretKeyRef:
+ name:
+ key: cacheDatabaseName
+ driver:
+ value: mysql
+ secretKeyRef:
+ name:
+ key: driver
+ conMaxLifetime:
+ value: 120s
+ secretKeyRef:
+ name:
+ key: conMaxLifetime
+
+ cache:
+ enabled: true
+ image:
+ repository: ml-pipeline/cache-server
+ registryOverwrite:
+ tagOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ # requests:
+ # cpu:
+ # memory:
+ # limits:
+ # cpu:
+ # memory:
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ port: 443
+ targetPort: 8443
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+ ## defaultCacheStaleness and maximumCacheStaleness configures caching according to
+ ## https://www.kubeflow.org/docs/components/pipelines/overview/caching/ and
+ ## https://www.kubeflow.org/docs/components/pipelines/overview/caching-v2/.
+ ## This value is used if the user did not set a value in the pipeline.
+ ## defaultCacheStaleness: "P7D"
+ ## maximumCacheStaleness: "P30D"
+ defaultCacheStaleness: ""
+ maximumCacheStaleness: ""
+ ## ConMaxLifeTime will set the connection max lifetime for MySQL
+ ## this is very important to setup when using external databases.
+ ## See this issue for more details: https://github.com/kubeflow/pipelines/issues/5329
+ ## Note: this value should be a string that can be parsed by `time.ParseDuration`.
+ ## If this value doesn't include a unit abbreviation, the units will be assumed
+ ## to be nanoseconds.
+ conMaxLifeTime: "120s"
+ ## cacheImage is the image that the mutating webhook will use to patch
+ ## cached steps with. Will be used to echo a message announcing that
+ ## the cached step result will be used. If not set it will default to
+ ## 'gcr.io/google-containers/busybox'
+ cacheImage: gcr.io/google-containers/busybox
+ ## cacheNodeRestrictions the dummy container running if output is cached
+ ## will run with the same affinity and node selector as the default pipeline
+ ## step. This is defaulted to 'false' to allow the pod to be scheduled on
+ ## any node and avoid defaulting to specific nodes. Allowed values are:
+ ## 'false' and 'true'.
+ cacheNodeRestrictions: "false"
+
+ # ---
+
+ mlPipeline:
+ # aka api-server
+ enabled: true
+ image:
+ repository: ml-pipeline/api-server
+ registryOverwrite:
+ tagOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ requests:
+ cpu: 250m
+ memory: 500Mi
+ # limits:
+ # cpu: 500m
+ # memory: 1024Mi
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+ # always use KF Pipeline latest version?
+ autoUpdatePipelineDefaultVersion: true
+
+ persistenceAgent:
+ enabled: true
+ image:
+ repository: ml-pipeline/persistenceagent
+ registryOverwrite:
+ tagOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ requests:
+ cpu: 120m
+ memory: 500Mi
+ # limits:
+ # cpu: 500m
+ # memory: 1024Mi
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+ ttlSecondsAfterWorkflowFinish: 86400
+ numWorkers: 2
+
+ scheduledWorkflow:
+ enabled: true
+ image:
+ repository: ml-pipeline/scheduledworkflow
+ registryOverwrite:
+ tagOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ # requests:
+ # cpu: 250m
+ # memory: 500Mi
+ # limits:
+ # cpu: 500m
+ # memory: 1024Mi
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+ cronScheduleTimezone: "UTC"
+
+ ui:
+ enabled: true
+ image:
+ repository: ml-pipeline/frontend
+ registryOverwrite:
+ tagOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ requests:
+ cpu: 10m
+ memory: 70Mi
+ # limits:
+ # cpu: 500m
+ # memory: 1024Mi
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+ # Note from apps/pipeline/upstream/base/installs/multi-user/pipelines-ui/configmap-patch.yaml
+ # Temporary workarounds:
+ # 1. Using default-editor because default-viewer isn't bound to workload identity
+ viewerPodServiceAccountName: default-editor
+ allowCustomVisualizations: true
+ urlPrefix: /pipeline
+
+ viewerCrd:
+ enabled: true
+ image:
+ repository: ml-pipeline/viewer-crd-controller
+ registryOverwrite:
+ tagOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ # requests:
+ # cpu:
+ # memory:
+ # limits:
+ # cpu:
+ # memory:
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+ maxNumViewers: 50
+
+ metadataWriter:
+ enabled: true
+ image:
+ repository: ml-pipeline/metadata-writer
+ registryOverwrite:
+ tagOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ # requests:
+ # cpu:
+ # memory:
+ # limits:
+ # cpu:
+ # memory:
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+
+ # NOTE: defines istio sidecar injection but it doesn't work
+ # because it's in an annotation, not pod label.
+ metadataEnvoy:
+ enabled: true
+ image:
+ repository: ml-pipeline/metadata-envoy
+ registryOverwrite:
+ tagOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ # requests:
+ # cpu:
+ # memory:
+ # limits:
+ # cpu:
+ # memory:
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ serviceAccount:
+ create: false
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+
+ metadataGrpcServer:
+ enabled: true
+ image:
+ repository: tfx-oss-public/ml_metadata_store_server
+ registryOverwrite:
+ tagOverwrite: 1.14.0
+ pullPolicyOverwrite:
+ resources:
+ # requests:
+ # cpu:
+ # memory:
+ # limits:
+ # cpu:
+ # memory:
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ # TODO: investigate if exposing port config to all services makes sense.
+ port: 8080
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+ urlPrefix: /ml_metadata
+
+ visualization:
+ enabled: true
+ image:
+ repository: ml-pipeline/visualization-server
+ registryOverwrite:
+ tagOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ requests:
+ cpu: 30m
+ memory: 500Mi
+ # limits:
+ # cpu:
+ # memory:
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+
+ # This is metacontroller based implementation that creates instances of
+ # * Secret/mlpipeline-minio-artifact
+ # * Deployment/ml-pipeline-ui-artifact
+ # * Service/ml-pipeline-ui-artifact
+ # * Deployment/ml-pipeline-visualizationserver
+ # * Service/ml-pipeline-visualizationserver
+ # * ConfigMap/kfp-launcher
+ # * ConfigMap/metadata-grpc-configmap
+ # * AuthorizationPolicy/ml-pipeline-visualizationserver
+ # * DestinationRule/ml-pipeline-visualizationserver
+ profileController:
+ enabled: true
+ image:
+ repository: python
+ registryOverwrite: docker.io
+ tagOverwrite: "3.7"
+ pullPolicyOverwrite:
+ resources:
+ # requests:
+ # cpu:
+ # memory:
+ # limits:
+ # cpu:
+ # memory:
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled:
+ minReplicas:
+ maxReplicas:
+ targetCPUUtilizationPercentage:
+ targetMemoryUtilizationPercentage:
+ podDisruptionBudget: {}
+ rbac:
+ create: false
+ serviceAccount:
+ create: false
+ name:
+ annotations:
+ nodeSelector:
+ tolerations:
+ affinity:
+ topologySpreadConstraints:
+ containerSecurityContext:
+ config:
+ disableIstioSidecar: false
+
+
+ tensorboard:
+ enabled: true
+ controller:
+ enabled: true
+ manager:
+ image:
+ repository: kubeflownotebookswg/tensorboard-controller
+ tag: v1.9.2
+ registryOverwrite:
+ pullPolicyOverwrite:
+ resources:
+ {}
+ # limits:
+ # cpu: 500m
+ # memory: 128Mi
+ # requests:
+ # cpu: 10m
+ # memory: 64Mi
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ config:
+ rwoPvcScheduling: "True"
+ tensorboard:
+ image:
+ repository: tensorflow/tensorflow
+ registryOverwrite:
+ tag: "2.5.1"
+ kubeRbacProxy:
+ image:
+ repository: kubebuilder/kube-rbac-proxy
+ tag: v0.8.0
+ registryOverwrite: gcr.io
+ pullPolicyOverwrite:
+ service:
+ create: true
+ annotations:
+ type: ClusterIP
+ port: 8443
+ targetPort: 8443
+ resources:
+ {}
+ # limits:
+ # cpu: 500m
+ # memory: 128Mi
+ # requests:
+ # cpu: 5m
+ # memory: 64Mi
+ containerSecurityContext:
+ autoscaling:
+ # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+ enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + terminationGracePeriodSeconds: 10 + securityContext: + runAsNonRoot: true + runAsUser: 999 + tensorboardsWebApp: + enabled: true + image: + repository: kubeflownotebookswg/tensorboards-web-app + tag: v1.9.2 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + service: + create: true + annotations: + type: ClusterIP + port: 80 + targetPort: 5000 + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + containerSecurityContext: + config: + urlPrefix: /tensorboards + secureCookies: true + + trainingOperator: + enabled: true + image: + repository: kubeflow/training-operator + tag: v1-04f9f13 + registryOverwrite: + pullPolicyOverwrite: + resources: + {} + service: + create: true + annotations: + type: ClusterIP + webhookServer: + port: 443 + targetPort: 9443 + monitoring: + port: 8080 + targetPort: 8080 + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. 
+ enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + rbac: + create: true + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + terminationGracePeriodSeconds: 10 + containerSecurityContext: + allowPrivilegeEscalation: false + + modelRegistry: + enabled: true + rest: + image: + repository: kubeflow/model-registry + tag: v0.2.9 + pullPolicy: IfNotPresent + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + containerSecurityContext: + grpc: + image: + registry: gcr.io + repository: tfx-oss-public/ml_metadata_store_server + tag: 1.14.0 + pullPolicy: IfNotPresent + resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + containerSecurityContext: + service: + annotations: + type: ClusterIP + restPort: 8080 + grpcPort: 9090 + autoscaling: + # If autoscaling is disabled, replica count for a component is equal to minReplicas. + enabled: + minReplicas: + maxReplicas: + targetCPUUtilizationPercentage: + targetMemoryUtilizationPercentage: + podDisruptionBudget: {} + podAnnotations: + # If Database in use is MySQL running incluster and MySQL has Istio Sidecar + # Disabled, the connection to MySQL Server must also run without sidecar. 
+ # Related resources: + # https://istio.io/latest/about/faq/#mysql-with-mtls + # https://github.com/istio/istio/issues/10062 + traffic.sidecar.istio.io/excludeOutboundPorts: "3306" + serviceAccount: + create: true + name: + annotations: + nodeSelector: + tolerations: + affinity: + topologySpreadConstraints: + config: + rest: + urlPrefix: /api/model_registry/ + grpc: + urlPrefix: /ml_metadata.MetadataStoreService/ + db: + existingSecretName: + user: + value: root + secretKeyRef: + name: + key: username + password: + value: mysql1234 + secretKeyRef: + name: + key: password + host: + value: pipelines-db + secretKeyRef: + name: + key: host + port: + value: 3306 + secretKeyRef: + name: + key: port + dbName: + value: metadb + secretKeyRef: + name: + key: dbName + + networkPolicies: + enabled: true + + # if cert manager is not enabled, we have to use cache-deployer. + # We currently don't support deployments without cert-manager. + certManagerIntegration: + enabled: true + + istioIntegration: + enabled: true + envoyExtAuthzHttpExtensionProviderName: oauth2-proxy + rootNamespace: istio-system + ingressGatewayNamespace: istio-system + # Required for KF Profiles Controller to configure + # correct AuthorizationPolicy principal. + ingressGatewayServiceAccountName: istio-gateway + # one of ['ingressgateway', 'granular'] + # * 'ingressgateway' will deploy one AuthorizationPolicy in the namespace where + # istio ingress gateway Pod is being deployed. + # * 'granular' will deploy multiple AuthorizationPolicies with CUSTOM action using auth provider, + # each for component that requires user id. This is an alternative way of setting authentication + # with istio. 'granular' is more secure but more complex. + # NOTE: this is ultimately not supported and should be cleaned up. 
+ authorizationMode: ingressgateway + m2m: + enabled: true + userClaim: sub + groupsClaim: groups + issuer: https://kubernetes.default.svc.cluster.local + userAuth: + userClaim: email + issuer: http://dex.auth.svc.cluster.local:5556/dex + gateway: + name: kubeflow-gateway + selector: + istio: gateway + # TODO: check if this is used + servers: + - hosts: + - "*" + port: + number: 80 + name: http + protocol: HTTP + kubeflowJwksProxy: + enabled: true + + # Both .Values.dexIntegration.enabled and .Values.istioIntegration.enabled has + # to be set to a boolean 'true' in order to create required dex integration + # resources. + + # Automatically creates Istio VirtualService or Ingress objects. + dexIntegration: + enabled: true + svc: + name: dex + port: 5556 + namespace: auth + + # one of: 'internal', 'external' + # * internal - the in-kubernetes svc address will be used as the dex IdP + # Issuer address. + # example: dex.dex.svc.cluster.local + # * external - the .Values.dexIntegration.host will be used as the dex IdP + # Issuer address. + # example: dex.example.com + # Currently only 'internal' is supported. + integrationType: internal + + # One of: 'istio', 'ingress'. + # Currently only 'istio' is supported. + integrationMode: istio + + # 'host' must be set if .Values.dexIntegration.integrationType: external + host: + + # If .Values.dexIntegration.integrationType: internal, dex IdP will be + # available under this relative URL Prefix. + urlPrefix: /dex + + integrationModeConfig: + istio: + ingress: + class: + annotations: + + # Automatically creates Istio VirtualService. + oauth2ProxyIntegration: + enabled: true + urlPrefix: /oauth2 + host: "*" + svc: + name: oauth2-proxy + port: 80 + namespace: oauth2-proxy + + knativeIntegration: + enabled: true + knativeServing: + enabled: true + name: knative-serving + namespace: knative-serving + # Whatever is under .knativeIntegration.knativeServing.operatorSpec will be + # put directly to the KnativeServing CRD under .spec. 
+ operatorSpec: + version: "1.18" + ingress: + istio: + enabled: true + knative-ingress-gateway: + selector: + istio: gateway + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" + knative-local-gateway: + selector: + istio: gateway + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" + config: + # Note: The configuration options may be copied out of + # the example blocks, found in each of the supported KNative ConfigMaps. + # For more information, visit official knative operator documentation: + # https://knative.dev/docs/install/operator/configuring-with-operator/ + istio: + #gateway.knative-serving.knative-ingress-gateway: "istio-gateway.istio-system.svc.cluster.local" + #local-gateway.knative-serving.knative-local-gateway: "cluster-local-gateway.istio-system.svc.cluster.local" + external-gateways: | + - name: knative-ingress-gateway + namespace: knative-serving + service: istio-gateway.istio-system.svc.cluster.local + local-gateways: | + - name: knative-local-gateway + namespace: knative-serving + service: knative-local-gateway.istio-system.svc.cluster.local + domain: {} + # example.com: "" + + # Eventing config + knativeEventing: + enabled: false + name: knative-eventing + namespace: knative-eventing + # Whatever is under .knativeIntegration.knativeEventing.operatorSpec will be + # put directly to the KnativeEventing CRD under .spec. + operatorSpec: + version: 1.10.2 diff --git a/packs/kubeflow-crds-1.9.1/README.md b/packs/kubeflow-crds-1.9.1/README.md new file mode 100644 index 00000000..ea0e4444 --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/README.md 
@@ -0,0 +1,39 @@ +# Kubeflow CRDs + +This pack installs the Custom Resource Definitions for Kubeflow 1.9.1. + +## Prerequisites + +None + +## Parameters + +| **Parameter** | **Description** | **Type** | **Default Value** | **Required** | +|---|---|---|---|---| +| crds.minimized | Installs the minimum CRD schemas to pass validation. Set to `false` to install the full CRDs | Boolean | true | Yes | +| notebooks.enabled | Installs the Notebooks CRD | Boolean | true | Yes | +| notebooks.controller.enabled | Includes the controller in the Notebooks CRD | Boolean | true | Yes | +| notebooks.controller.certManager.enabled | Includes cert-manager support for the controller in the Notebooks CRD | Boolean | false | Yes | +| notebooks.controller.webhook.enabled | Includes webhook support for the controller in the Notebooks CRD | Boolean | false | Yes | +| notebooks.pvcviewerController.enabled | Includes the pvcviewerController in the Notebooks CRD | Boolean | true | Yes | +| profilesController.enabled | Installs the Profile CRD | Boolean | true | Yes | +| katib.controller.enabled | Installs the Katib CRDs | Boolean | true | Yes | +| pipelines.scheduledWorkflow.enabled | Installs the ScheduledWorkflow CRD | Boolean | true | Yes | +| pipelines.viewerCrd.enabled | Installs the Viewer CRD | Boolean | true | Yes | +| tensorboard.controller.enabled | Includes the Tensorboard CRD | Boolean | true | Yes | +| trainingOperator.enabled | Installs the Training Operator v1 CRDs | Boolean | true | Yes | + + +## Upgrade + +This is the first version of the Kubeflow CRDs pack. There are no previous versions to upgrade from. + + +## Usage + +To deploy this pack, add it to your cluster profile. The defaults should not need adjusting. + + +## References + +- [Based on kromanow94/kubeflow-manifests](https://github.com/kromanow94/kubeflow-manifests/tree/helmcharts/charts/kubeflow-crds) \ No newline at end of file 
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds-0.4.1.tgz b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds-0.4.1.tgz new file mode 100644 index 00000000..18782fca Binary files /dev/null and b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds-0.4.1.tgz differ diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/.helmignore b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/Chart.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/Chart.yaml new file mode 100644 index 00000000..4d5db065 --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/Chart.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v2 +name: kubeflow-crds +description: A Helm chart for Kubeflow CRDs + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.4.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.9.1" +maintainers: + - name: Kubeflow + url: https://github.com/kromanow94/kubeflow-manifests diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/_helpers.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/_helpers.tpl new file mode 100644 index 00000000..38128a86 --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/_helpers.tpl 
@@ -0,0 +1,107 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "kubeflowCrds.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kubeflowCrds.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kubeflowCrds.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kubeflowCrds.common.labels" -}} +helm.sh/chart: {{ include "kubeflowCrds.chart" . }} +{{ include "kubeflowCrds.common.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Common selector labels +*/}} +{{- define "kubeflowCrds.common.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kubeflowCrds.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Kubeflow Component Names. + +Changing this function will reflect on all component and subcomponent names. +*/}} +{{- define "kubeflowCrds.component.name" -}} +{{- $componentName := index . 0 -}} +{{- $context := index . 
1 -}} +{{- $componentName }} +{{- end }} + +{{- define "kubeflowCrds.common.group" -}} +kubeflow.org +{{- end }} + +{{/* +Component specific labels +*/}} +{{- define "kubeflowCrds.component.labels" -}} +{{ include "kubeflowCrds.component.selectorLabels" . }} +{{- end }} + +{{/* +Component specific selector labels +*/}} +{{- define "kubeflowCrds.component.selectorLabels" -}} +app.kubernetes.io/component: {{ . }} +{{- end }} + +{{/* +subcomponent specific labels +*/}} +{{- define "kubeflowCrds.component.subcomponent.labels" -}} +{{ include "kubeflowCrds.component.subcomponent.selectorLabels" . }} +{{- end }} + +{{/* +subcomponent specific selector labels +*/}} +{{- define "kubeflowCrds.component.subcomponent.selectorLabels" -}} +app.kubernetes.io/subcomponent: {{ . }} +{{- end }} + +{{/* +Namespace for all resources to be installed into +If not defined in values file then the helm release namespace is used +By default this is not set so the helm release namespace will be used + +This gets around an problem within helm discussed here +https://github.com/helm/helm/issues/5358 +{{- default .Values.namespace .Release.Namespace }} +*/}} +{{- define "kubeflowCrds.namespace" -}} +{{- default .Release.Namespace .Values.namespace }} +{{- end -}} diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.admissionWebhook.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.admissionWebhook.tpl new file mode 100644 index 00000000..ed8dbaf1 --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.admissionWebhook.tpl 
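Review bot: The doc comment above `kubeflowCrds.namespace` ends with a leftover `{{- default .Values.namespace .Release.Namespace }}` whose arguments are in the opposite order from the definition below it, so the comment does not say unambiguously which value wins. The definition, `default .Release.Namespace .Values.namespace`, matches the prose (`.Values.namespace` when set, otherwise the release namespace), so I would drop the stale template line from the comment. Separately, `kubeflowCrds.component.name` binds `$context` and never uses it. Either remove the binding or say in the helper's comment that the second list element is intentionally unused.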
@@ -0,0 +1,50 @@
+{{/*
+Kubeflow Admission Webhook object names.
+*/}}
+{{- define "kubeflowCrds.admissionWebhook.baseName" -}}
+{{- printf "admission-webhook" }}
+{{- end }}
+
+{{- define "kubeflowCrds.admissionWebhook.name" -}}
+{{- include "kubeflowCrds.component.name" (
+ list
+ (include "kubeflowCrds.admissionWebhook.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.admissionWebhook.group" -}}
+{{- include "kubeflowCrds.common.group" . }}
+{{- end }}
+
+{{- define "kubeflowCrds.admissionWebhook.singularName" -}}
+{{- printf "poddefault" }}
+{{- end }}
+
+{{- define "kubeflowCrds.admissionWebhook.pluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.admissionWebhook.singularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.admissionWebhook.fullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.admissionWebhook.pluralName" .) (include "kubeflowCrds.admissionWebhook.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Admission Webhook object labels.
+*/}}
+{{- define "kubeflowCrds.admissionWebhook.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.admissionWebhook.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.admissionWebhook.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.admissionWebhook.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Admission Webhook enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.admissionWebhook.enabled" -}}
+{{- .Values.admissionWebhook.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.controller.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.controller.tpl
new file mode 100644
index 00000000..1b853ca7
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.controller.tpl
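Review bot: `kubeflowCrds.admissionWebhook.enabled` prints the raw value, so a disabled toggle renders the non-empty string `false`, which is truthy to any caller written as `{{- if include "kubeflowCrds.admissionWebhook.enabled" . }}`. The katib and notebooks helpers in this commit render an empty string when disabled. Matching them with `{{- ternary true "" .Values.admissionWebhook.enabled }}` keeps both `if include …` and `| eq "true"` callers correct. `kubeflowCrds.pipelines.scheduledWorkflow.enabled` has the same shape, a bare `and …` with no `ternary`. The callers are not in this hunk, so confirm how the CRD templates test these helpers before relying on either form.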
@@ -0,0 +1,80 @@ +{{/* +Kubeflow Katib Controller object names. +*/}} +{{- define "kubeflowCrds.katib.controller.baseName" -}} +{{- printf "katib-controller" }} +{{- end }} + +{{- define "kubeflowCrds.katib.controller.name" -}} +{{- include "kubeflowCrds.component.name" ( + list + (include "kubeflowCrds.katib.controller.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflowCrds.katib.controller.group" -}} +{{- include "kubeflowCrds.common.group" . }} +{{- end }} + +{{- define "kubeflowCrds.katib.controller.experimentSingularName" -}} +{{- printf "experiment" }} +{{- end }} + +{{- define "kubeflowCrds.katib.controller.experimentPluralName" -}} +{{ printf "%s%s" (include "kubeflowCrds.katib.controller.experimentSingularName" .) "s" }} +{{- end }} + +{{- define "kubeflowCrds.katib.controller.experimentFullName" -}} +{{ printf "%s.%s" (include "kubeflowCrds.katib.controller.experimentPluralName" .) (include "kubeflowCrds.katib.controller.group" .) }} +{{- end }} + +{{- define "kubeflowCrds.katib.controller.suggestionSingularName" -}} +{{- printf "suggestion" }} +{{- end }} + +{{- define "kubeflowCrds.katib.controller.suggestionPluralName" -}} +{{ printf "%s%s" (include "kubeflowCrds.katib.controller.suggestionSingularName" .) "s" }} +{{- end }} + +{{- define "kubeflowCrds.katib.controller.suggestionFullName" -}} +{{ printf "%s.%s" (include "kubeflowCrds.katib.controller.suggestionPluralName" .) (include "kubeflowCrds.katib.controller.group" .) }} +{{- end }} + +{{- define "kubeflowCrds.katib.controller.trialSingularName" -}} +{{- printf "trial" }} +{{- end }} + +{{- define "kubeflowCrds.katib.controller.trialPluralName" -}} +{{ printf "%s%s" (include "kubeflowCrds.katib.controller.trialSingularName" .) "s" }} +{{- end }} + +{{- define "kubeflowCrds.katib.controller.trialFullName" -}} +{{ printf "%s.%s" (include "kubeflowCrds.katib.controller.trialPluralName" .) (include "kubeflowCrds.katib.controller.group" .) 
}} +{{- end }} + +{{/* +Kubeflow Katib Controller object labels. +*/}} +{{- define "kubeflowCrds.katib.controller.labels" -}} +{{ include "kubeflowCrds.common.labels" . }} +{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.katib.name" .) }} +{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.katib.controller.name" .) }} +{{- end }} + +{{- define "kubeflowCrds.katib.controller.selectorLabels" -}} +{{ include "kubeflowCrds.common.selectorLabels" . }} +{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.katib.name" .) }} +{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.katib.controller.name" .) }} +{{- end }} + +{{/* +Kubeflow Katib Controller enable and create toggles. +*/}} +{{- define "kubeflowCrds.katib.controller.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflowCrds.katib.enabled" . | eq "true") + .Values.katib.controller.enabled +)}} +{{- end }} diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.tpl new file mode 100644 index 00000000..eeb6f28c --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.tpl 
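Review bot: `kubeflowCrds.katib.controller.selectorLabels` pulls in `kubeflowCrds.component.subcomponent.labels` rather than `kubeflowCrds.component.subcomponent.selectorLabels`. Today the two render the same line, but the first extra label added to `subcomponent.labels` would silently change every selector built from this helper, and selectors on workloads cannot be edited after creation. I would change the last line to `{{ include "kubeflowCrds.component.subcomponent.selectorLabels" (include "kubeflowCrds.katib.controller.name" .) }}`. The same substitution applies to the `selectorLabels` helpers for katib, notebooks.controller, notebooks.pvcviewerController and pipelines.scheduledWorkflow in this commit.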
@@ -0,0 +1,36 @@
+{{/*
+Kubeflow Katib Controller object names.
+*/}}
+{{- define "kubeflowCrds.katib.baseName" -}}
+{{- printf "katib" }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.name" -}}
+{{- include "kubeflowCrds.component.name" (
+ list
+ (include "kubeflowCrds.katib.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller object labels.
+*/}}
+{{- define "kubeflowCrds.katib.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.katib.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.katib.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.katib.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.katib.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Katib enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.katib.enabled" -}}
+{{- ternary true "" .Values.katib.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.controller.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.controller.tpl
new file mode 100644
index 00000000..8cddf521
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.controller.tpl
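Review bot: `kubeflowCrds.katib.enabled` passes `.Values.katib.enabled` straight to `ternary`, which needs a bool. The pack README in this commit lists `katib.controller.enabled` but no `katib.enabled`, and values.yaml is not part of this hunk, so if the key is unset rendering will likely stop with a type error instead of treating the component as disabled. `{{- ternary true "" (default false .Values.katib.enabled) }}` makes an unset key mean off. `kubeflowCrds.notebooks.enabled` and `kubeflowCrds.pipelines.enabled` are written the same way. The two header comments here also still say "Katib Controller" although these are the component-level helpers; `Kubeflow Katib object names.` and `Kubeflow Katib object labels.` would match the notebooks and pipelines files.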
@@ -0,0 +1,60 @@ +{{/* +Kubeflow Notebooks Controller object names. +*/}} +{{- define "kubeflowCrds.notebooks.controller.baseName" -}} +{{- printf "notebooks-controller" }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.controller.name" -}} +{{- include "kubeflowCrds.component.name" ( + list + (include "kubeflowCrds.notebooks.controller.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflowCrds.notebooks.controller.group" -}} +{{- include "kubeflowCrds.common.group" . }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.controller.singularName" -}} +{{- printf "notebook" }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.controller.pluralName" -}} +{{ printf "%s%s" (include "kubeflowCrds.notebooks.controller.singularName" .) "s" }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.controller.fullName" -}} +{{ printf "%s.%s" (include "kubeflowCrds.notebooks.controller.pluralName" .) (include "kubeflowCrds.notebooks.controller.group" .) }} +{{- end }} + +{{/* +Kubeflow Notebooks Controller object labels. +*/}} +{{- define "kubeflowCrds.notebooks.controller.labels" -}} +{{ include "kubeflowCrds.common.labels" . }} +{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.notebooks.name" .) }} +{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.notebooks.controller.name" .) }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.controller.selectorLabels" -}} +{{ include "kubeflowCrds.common.selectorLabels" . }} +{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.notebooks.name" .) }} +{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.notebooks.controller.name" .) }} +{{- end }} + +{{/* +Kubeflow Notebooks Controller enable and create toggles. +*/}} +{{- define "kubeflowCrds.notebooks.controller.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflowCrds.notebooks.enabled" . 
| eq "true") + .Values.notebooks.controller.enabled +)}} +{{- end }} + +{{- define "kubeflowCrds.notebooks.controller.certName" -}} +{{ printf "%s-%s" (include "kubeflowCrds.notebooks.controller.name" .) "cert" }} +{{- end }} diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.pvcviewerController.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.pvcviewerController.tpl new file mode 100644 index 00000000..5c86705a --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.pvcviewerController.tpl 
@@ -0,0 +1,67 @@ +{{/* +Kubeflow Notebooks PVC Viewer Controller object names. +*/}} +{{- define "kubeflowCrds.notebooks.pvcviewerController.baseName" -}} +{{- printf "pvcviewer-controller" }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.pvcviewerController.name" -}} +{{- include "kubeflowCrds.component.name" ( + list + (include "kubeflowCrds.notebooks.pvcviewerController.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflowCrds.notebooks.pvcviewerController.manager.name" -}} +{{- printf "%s-%s" + (include "kubeflowCrds.notebooks.pvcviewerController.name" .) + "manager" +}} +{{- end }} + +{{- define "kubeflowCrds.notebooks.pvcviewerController.certName" -}} +{{ printf "%s-%s" (include "kubeflowCrds.notebooks.pvcviewerController.name" .) "cert" }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.pvcviewerController.group" -}} +{{- include "kubeflowCrds.common.group" . }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.pvcviewerController.singularName" -}} +{{- printf "pvcviewer" }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.pvcviewerController.pluralName" -}} +{{ printf "%s%s" (include "kubeflowCrds.notebooks.pvcviewerController.singularName" .) "s" }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.pvcviewerController.fullName" -}} +{{ printf "%s.%s" (include "kubeflowCrds.notebooks.pvcviewerController.pluralName" .) (include "kubeflowCrds.notebooks.pvcviewerController.group" .) }} +{{- end }} + +{{/* +Kubeflow Notebooks PVC Viewer Controller object labels. +*/}} +{{- define "kubeflowCrds.notebooks.pvcviewerController.labels" -}} +{{ include "kubeflowCrds.common.labels" . }} +{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.notebooks.name" .) }} +{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.notebooks.pvcviewerController.name" .) }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.pvcviewerController.selectorLabels" -}} +{{ include "kubeflowCrds.common.selectorLabels" . 
}} +{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.notebooks.name" .) }} +{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.notebooks.pvcviewerController.name" .) }} +{{- end }} + +{{/* +Kubeflow Notebooks PVC Viewer Controller enable and create toggles. +*/}} +{{- define "kubeflowCrds.notebooks.pvcviewerController.enabled" -}} +{{- ternary true "" ( + and + (include "kubeflowCrds.notebooks.enabled" . | eq "true") + .Values.notebooks.pvcviewerController.enabled +)}} +{{- end }} diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.tpl new file mode 100644 index 00000000..e620c78e --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.tpl @@ -0,0 +1,34 @@ +{{/* +Kubeflow Notebooks object names. +*/}} +{{- define "kubeflowCrds.notebooks.baseName" -}} +{{- printf "notebooks" }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.name" -}} +{{- include "kubeflowCrds.component.name" ( + list + (include "kubeflowCrds.notebooks.baseName" .) + . +)}} +{{- end }} + +{{/* +Kubeflow Notebooks object labels. +*/}} +{{- define "kubeflowCrds.notebooks.labels" -}} +{{ include "kubeflowCrds.common.labels" . }} +{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.notebooks.name" .) }} +{{- end }} + +{{- define "kubeflowCrds.notebooks.selectorLabels" -}} +{{ include "kubeflowCrds.common.selectorLabels" . }} +{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.notebooks.name" .) }} +{{- end }} + +{{/* +Kubeflow Notebooks enable and create toggles. +*/}} +{{- define "kubeflowCrds.notebooks.enabled" -}} +{{- ternary true "" .Values.notebooks.enabled }} +{{- end }} 
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.scheduledWorkflow.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.scheduledWorkflow.tpl
new file mode 100644
index 00000000..2eae1187
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.scheduledWorkflow.tpl
@@ -0,0 +1,55 @@ +{{/* +Kubeflow Pipelines Scheduled Workflow object names. +*/}} +{{- define "kubeflowCrds.pipelines.scheduledWorkflow.baseName" -}} +{{- printf "ml-pipeline-scheduledworkflow" }} +{{- end }} + +{{- define "kubeflowCrds.pipelines.scheduledWorkflow.name" -}} +{{- include "kubeflowCrds.component.name" ( + list + (include "kubeflowCrds.pipelines.scheduledWorkflow.baseName" .) + . +)}} +{{- end }} + +{{- define "kubeflowCrds.pipelines.scheduledWorkflow.group" -}} +{{- include "kubeflowCrds.common.group" . }} +{{- end }} + +{{- define "kubeflowCrds.pipelines.scheduledWorkflow.singularName" -}} +{{- printf "scheduledworkflow" }} +{{- end }} + +{{- define "kubeflowCrds.pipelines.scheduledWorkflow.pluralName" -}} +{{ printf "%s%s" (include "kubeflowCrds.pipelines.scheduledWorkflow.singularName" .) "s" }} +{{- end }} + +{{- define "kubeflowCrds.pipelines.scheduledWorkflow.fullName" -}} +{{ printf "%s.%s" (include "kubeflowCrds.pipelines.scheduledWorkflow.pluralName" .) (include "kubeflowCrds.pipelines.scheduledWorkflow.group" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines Scheduled Workflow object labels. +*/}} +{{- define "kubeflowCrds.pipelines.scheduledWorkflow.labels" -}} +{{ include "kubeflowCrds.common.labels" . }} +{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.pipelines.name" .) }} +{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.pipelines.scheduledWorkflow.name" .) }} +{{- end }} + +{{- define "kubeflowCrds.pipelines.scheduledWorkflow.selectorLabels" -}} +{{ include "kubeflowCrds.common.selectorLabels" . }} +{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.pipelines.name" .) }} +{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.pipelines.scheduledWorkflow.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines Scheduled Workflow enable and create toggles. 
+*/}} +{{- define "kubeflowCrds.pipelines.scheduledWorkflow.enabled" -}} +{{- and + (include "kubeflowCrds.pipelines.enabled" . | eq "true") + .Values.pipelines.scheduledWorkflow.enabled +}} +{{- end }} diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.tpl new file mode 100644 index 00000000..1015743f --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.tpl @@ -0,0 +1,34 @@ +{{/* +Kubeflow Pipelines object names. +*/}} +{{- define "kubeflowCrds.pipelines.baseName" -}} +{{- printf "pipelines" }} +{{- end }} + +{{- define "kubeflowCrds.pipelines.name" -}} +{{- include "kubeflowCrds.component.name" ( + list + (include "kubeflowCrds.pipelines.baseName" .) + . +)}} +{{- end }} + +{{/* +Kubeflow Pipelines object labels. +*/}} +{{- define "kubeflowCrds.pipelines.labels" -}} +{{ include "kubeflowCrds.common.labels" . }} +{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.pipelines.name" .) }} +{{- end }} + +{{- define "kubeflowCrds.pipelines.selectorLabels" -}} +{{ include "kubeflowCrds.common.selectorLabels" . }} +{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.pipelines.name" .) }} +{{- end }} + +{{/* +Kubeflow Pipelines enable and create toggles. +*/}} +{{- define "kubeflowCrds.pipelines.enabled" -}} +{{- ternary true "" .Values.pipelines.enabled }} +{{- end }} diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.viewerCrd.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.viewerCrd.tpl new file mode 100644 index 00000000..c7637954 --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.viewerCrd.tpl 
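Review bot: `kubeflowCrds.pipelines.scheduledWorkflow.enabled` prints the bare result of `and`, while the sibling toggles (`kubeflowCrds.pipelines.enabled`, `kubeflowCrds.notebooks.enabled`, `kubeflowCrds.notebooks.pvcviewerController.enabled`) normalise their output through `ternary true ""`. Because `and` returns whichever argument decided the result, a non-boolean `.Values.pipelines.scheduledWorkflow.enabled` (for example the string "yes") is emitted verbatim, and a caller that gates on `| eq "true"`, as the admission-webhook CRD template in this diff does for its own toggle, would silently skip the resource instead of failing at render time. Wrapping it like the others keeps one contract for every toggle: `{{- ternary true "" (and (include "kubeflowCrds.pipelines.enabled" . | eq "true") .Values.pipelines.scheduledWorkflow.enabled) }}`. The same applies to `kubeflowCrds.pipelines.viewerCrd.enabled`, and to `kubeflowCrds.profilesController.enabled` and `kubeflowCrds.trainingOperator.enabled`, which print the raw value.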
@@ -0,0 +1,55 @@
+{{/*
+Kubeflow Pipelines ML Pipeline object names.
+*/}}
+{{- define "kubeflowCrds.pipelines.viewerCrd.baseName" -}}
+{{- printf "ml-pipeline-viewer-crd" }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.viewerCrd.name" -}}
+{{- include "kubeflowCrds.component.name" (
+ list
+ (include "kubeflowCrds.pipelines.viewerCrd.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.viewerCrd.group" -}}
+{{- include "kubeflowCrds.common.group" . }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.viewerCrd.singularName" -}}
+{{- printf "viewer" }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.viewerCrd.pluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.pipelines.viewerCrd.singularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.viewerCrd.fullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.pipelines.viewerCrd.pluralName" .) (include "kubeflowCrds.pipelines.viewerCrd.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline object labels.
+*/}}
+{{- define "kubeflowCrds.pipelines.viewerCrd.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.pipelines.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.pipelines.viewerCrd.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.viewerCrd.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.pipelines.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.pipelines.viewerCrd.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.pipelines.viewerCrd.enabled" -}}
+{{- and
+ (include "kubeflowCrds.pipelines.enabled" . | eq "true")
+ .Values.pipelines.viewerCrd.enabled
+}}
+{{- end }}
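Review bot: The three section comments in this file describe the helpers as "Kubeflow Pipelines ML Pipeline object names / labels / enable and create toggles", but every define below them is `kubeflowCrds.pipelines.viewerCrd.*` and the singular name is `viewer`. The wording looks carried over from another helper file and will mislead anyone searching for the Viewer CRD helpers. I would change them to `Kubeflow Pipelines Viewer CRD object names.`, `Kubeflow Pipelines Viewer CRD object labels.` and `Kubeflow Pipelines Viewer CRD enable and create toggles.`.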
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.profilesController.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.profilesController.tpl
new file mode 100644
index 00000000..b7e7a26b
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.profilesController.tpl
@@ -0,0 +1,50 @@
+{{/*
+Kubeflow Profiles Controller object names.
+*/}}
+{{- define "kubeflowCrds.profilesController.baseName" -}}
+{{- printf "profiles-controller" }}
+{{- end }}
+
+{{- define "kubeflowCrds.profilesController.name" -}}
+{{- include "kubeflowCrds.component.name" (
+ list
+ (include "kubeflowCrds.profilesController.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.profilesController.group" -}}
+{{- include "kubeflowCrds.common.group" . }}
+{{- end }}
+
+{{- define "kubeflowCrds.profilesController.singularName" -}}
+{{- printf "profile" }}
+{{- end }}
+
+{{- define "kubeflowCrds.profilesController.pluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.profilesController.singularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.profilesController.fullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.profilesController.pluralName" .) (include "kubeflowCrds.profilesController.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Profiles Controller object labels.
+*/}}
+{{- define "kubeflowCrds.profilesController.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.profilesController.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.profilesController.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.profilesController.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Profiles Controller enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.profilesController.enabled" -}}
+{{- .Values.profilesController.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.controller.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.controller.tpl
new file mode 100644
index 00000000..1d52ec63
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.controller.tpl
@@ -0,0 +1,56 @@
+{{/*
+Kubeflow Tensorboard Controller object names.
+*/}}
+{{- define "kubeflowCrds.tensorboard.controller.baseName" -}}
+{{- printf "tensorboard-controller" }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.controller.name" -}}
+{{- include "kubeflowCrds.component.name" (
+ list
+ (include "kubeflowCrds.tensorboard.controller.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.controller.group" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.tensorboard.controller.singularName" .) (include "kubeflowCrds.common.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.controller.singularName" -}}
+{{- printf "tensorboard" }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.controller.pluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.tensorboard.controller.singularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.controller.fullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.tensorboard.controller.pluralName" .) (include "kubeflowCrds.tensorboard.controller.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller object labels.
+*/}}
+{{- define "kubeflowCrds.tensorboard.controller.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.tensorboard.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.tensorboard.controller.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.controller.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.tensorboard.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.tensorboard.controller.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.tensorboard.controller.enabled" -}}
+{{- ternary true "" (
+ and
+ (include "kubeflowCrds.tensorboard.enabled" . | eq "true")
+ .Values.tensorboard.controller.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.tpl
new file mode 100644
index 00000000..9c0c5c84
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.tpl
@@ -0,0 +1,34 @@
+{{/*
+Kubeflow Tensorboard object names.
+*/}}
+{{- define "kubeflowCrds.tensorboard.baseName" -}}
+{{- printf "tensorboard" }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.name" -}}
+{{- include "kubeflowCrds.component.name" (
+ list
+ (include "kubeflowCrds.tensorboard.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard object labels.
+*/}}
+{{- define "kubeflowCrds.tensorboard.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.tensorboard.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.tensorboard.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.tensorboard.enabled" -}}
+{{- ternary true "" .Values.tensorboard.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.trainingOperator.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.trainingOperator.tpl
new file mode 100644
index 00000000..3ddfff1c
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.trainingOperator.tpl
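Review bot: `kubeflowCrds.tensorboard.controller.selectorLabels` takes its first two lines from the `selectorLabels` helpers but its third from `kubeflowCrds.component.subcomponent.labels`, the general label helper. That helper is defined outside this diff section, so whether it emits only stable name-style labels cannot be confirmed here; if it ever includes a version or chart label, selectors built from this define would change on upgrade. If a subcomponent selector helper exists it should be called here, otherwise a comment such as `{{/* subcomponent.labels must only emit immutable labels; it is reused in selectors */}}` above the define would record the constraint. The same pattern appears in `kubeflowCrds.pipelines.scheduledWorkflow.selectorLabels` and `kubeflowCrds.pipelines.viewerCrd.selectorLabels`.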
@@ -0,0 +1,110 @@
+{{/*
+Kubeflow Training Operator object names.
+*/}}
+{{- define "kubeflowCrds.trainingOperator.baseName" -}}
+{{- printf "training-operator" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.name" -}}
+{{- include "kubeflowCrds.component.name" (
+ list
+ (include "kubeflowCrds.trainingOperator.baseName" .)
+ .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.group" -}}
+{{- include "kubeflowCrds.common.group" . }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.mpiSingularName" -}}
+{{- printf "mpijob" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.mpiPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.trainingOperator.mpiSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.mpiFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.trainingOperator.mpiPluralName" .) (include "kubeflowCrds.trainingOperator.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.mxSingularName" -}}
+{{- printf "mxjob" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.mxPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.trainingOperator.mxSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.mxFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.trainingOperator.mxPluralName" .) (include "kubeflowCrds.trainingOperator.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.paddleSingularName" -}}
+{{- printf "paddlejob" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.paddlePluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.trainingOperator.paddleSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.paddleFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.trainingOperator.paddlePluralName" .) (include "kubeflowCrds.trainingOperator.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.pytorchSingularName" -}}
+{{- printf "pytorchjob" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.pytorchPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.trainingOperator.pytorchSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.pytorchFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.trainingOperator.pytorchPluralName" .) (include "kubeflowCrds.trainingOperator.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.tfSingularName" -}}
+{{- printf "tfjob" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.tfPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.trainingOperator.tfSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.tfFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.trainingOperator.tfPluralName" .) (include "kubeflowCrds.trainingOperator.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.xgboostSingularName" -}}
+{{- printf "xgboostjob" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.xgboostPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.trainingOperator.xgboostSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.xgboostFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.trainingOperator.xgboostPluralName" .) (include "kubeflowCrds.trainingOperator.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Training Operator object labels.
+*/}}
+{{- define "kubeflowCrds.trainingOperator.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.trainingOperator.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.trainingOperator.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Training Operator enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.trainingOperator.enabled" -}}
+{{- .Values.trainingOperator.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/admission-webhook/crd.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/admission-webhook/crd.yaml
new file mode 100644
index 00000000..a2b2e7ef
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/admission-webhook/crd.yaml
@@ -0,0 +1,2102 @@ +{{- if (include "kubeflowCrds.admissionWebhook.enabled" . | eq "true") -}} +{{- if .Values.crds.minimized }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + labels: + {{- include "kubeflowCrds.admissionWebhook.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.admissionWebhook.fullName" . }} +spec: + group: {{ include "kubeflowCrds.admissionWebhook.group" . }} + names: + kind: PodDefault + listKind: PodDefaultList + plural: {{ include "kubeflowCrds.admissionWebhook.pluralName" . }} + singular: {{ include "kubeflowCrds.admissionWebhook.singularName" . }} + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + +{{- else }} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + labels: + {{- include "kubeflowCrds.admissionWebhook.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.admissionWebhook.fullName" . }} +spec: + group: {{ include "kubeflowCrds.admissionWebhook.group" . }} + names: + kind: PodDefault + listKind: PodDefaultList + plural: {{ include "kubeflowCrds.admissionWebhook.pluralName" . }} + singular: {{ include "kubeflowCrds.admissionWebhook.singularName" . 
}} + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + type: object + args: + items: + type: string + type: array + automountServiceAccountToken: + type: boolean + command: + items: + type: string + type: array + desc: + type: string + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + 
key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + 
properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + 
readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + 
format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + 
type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + 
properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: 
object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + 
required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + 
name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + 
partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + 
divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: 
+ type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + 
properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + 
type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - selector + type: object + status: + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +{{- end }} +{{- end }} 
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/experiment.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/experiment.yaml
new file mode 100644
index 00000000..2fe16c08
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/experiment.yaml
@@ -0,0 +1,42 @@
+{{- if (include "kubeflowCrds.katib.controller.enabled" . | eq "true") -}}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: {{ include "kubeflowCrds.katib.controller.experimentFullName" . }}
+ labels:
+ {{- include "kubeflowCrds.katib.controller.labels" . | nindent 4 }}
+spec:
+ group: {{ include "kubeflowCrds.katib.controller.group" . }}
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - name: Type
+ type: string
+ jsonPath: .status.conditions[-1:].type
+ - name: Status
+ type: string
+ jsonPath: .status.conditions[-1:].status
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ names:
+ kind: Experiment
+ plural: {{ include "kubeflowCrds.katib.controller.experimentPluralName" . }}
+ singular: {{ include "kubeflowCrds.katib.controller.experimentSingularName" . }}
+ categories:
+ - all
+ - kubeflow
+ - katib
+
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/suggestion.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/suggestion.yaml
new file mode 100644
index 00000000..544464e0
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/suggestion.yaml
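Review bot: The `openAPIV3Schema` in katib/experiment.yaml is only `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server neither validates nor prunes any field of an Experiment before storing it; suggestion.yaml and trial.yaml use the same root schema. Whatever checking these objects get therefore has to come from an admission webhook or from the controller itself, and nothing in this diff shows that either is installed together with the CRDs. I would record that dependency next to the schema, e.g. `# no structural validation here: field checks are left to the Katib admission webhook/controller`. It is also worth considering declaring `spec` and `status` as object properties that each carry the preserve-unknown-fields marker, so that stray top-level keys are at least pruned.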
@@ -0,0 +1,48 @@
+{{- if (include "kubeflowCrds.katib.controller.enabled" . | eq "true") -}}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: {{ include "kubeflowCrds.katib.controller.suggestionFullName" . }}
+ labels:
+ {{- include "kubeflowCrds.katib.controller.labels" . | nindent 4 }}
+spec:
+ group: {{ include "kubeflowCrds.katib.controller.group" . }}
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - name: Type
+ type: string
+ jsonPath: .status.conditions[-1:].type
+ - name: Status
+ type: string
+ jsonPath: .status.conditions[-1:].status
+ - name: Requested
+ type: string
+ jsonPath: .spec.requests
+ - name: Assigned
+ type: string
+ jsonPath: .status.suggestionCount
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ names:
+ kind: Suggestion
+ plural: {{ include "kubeflowCrds.katib.controller.suggestionPluralName" . }}
+ singular: {{ include "kubeflowCrds.katib.controller.suggestionSingularName" . }}
+ categories:
+ - all
+ - kubeflow
+ - katib
+
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/trial.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/trial.yaml
new file mode 100644
index 00000000..fccd5adc
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/trial.yaml
@@ -0,0 +1,42 @@
+{{- if (include "kubeflowCrds.katib.controller.enabled" . | eq "true") -}}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: {{ include "kubeflowCrds.katib.controller.trialFullName" . }}
+ labels:
+ {{- include "kubeflowCrds.katib.controller.labels" . | nindent 4 }}
+spec:
+ group: {{ include "kubeflowCrds.katib.controller.group" . }}
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - name: Type
+ type: string
+ jsonPath: .status.conditions[-1:].type
+ - name: Status
+ type: string
+ jsonPath: .status.conditions[-1:].status
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ names:
+ kind: Trial
+ plural: {{ include "kubeflowCrds.katib.controller.trialPluralName" . }}
+ singular: {{ include "kubeflowCrds.katib.controller.trialSingularName" . }}
+ categories:
+ - all
+ - kubeflow
+ - katib
+
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/notebooks/kubeflow.org_notebooks.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/notebooks/kubeflow.org_notebooks.yaml
new file mode 100644
index 00000000..f72b1ab0
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/notebooks/kubeflow.org_notebooks.yaml
@@ -0,0 +1,9513 @@ +{{- if (include "kubeflowCrds.notebooks.controller.enabled" . | eq "true") -}} + +{{- $ca := printf "%s/%s" + (include "kubeflowCrds.namespace" .) + (include "kubeflowCrds.notebooks.controller.certName" .) +-}} +{{- if .Values.crds.minimized }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 +{{- if .Values.notebooks.controller.certManager.enabled }} + certmanager.k8s.io/inject-ca-from: {{ $ca }} +{{- end }} + creationTimestamp: null + labels: + {{- include "kubeflowCrds.notebooks.controller.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.notebooks.controller.fullName" . }} +spec: + conversion: +{{- if .Values.notebooks.controller.webhook.enabled }} + strategy: Webhook + webhookClientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert +{{- else }} + strategy: None +{{- end }} + group: {{ include "kubeflowCrds.notebooks.controller.group" . }} + names: + kind: Notebook + listKind: NotebookList + plural: {{ include "kubeflowCrds.notebooks.controller.pluralName" . }} + singular: {{ include "kubeflowCrds.notebooks.controller.singularName" . 
}} + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} + + - name: v1beta1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} + +{{- else }} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 +{{- if .Values.notebooks.controller.certManager.enabled }} + certmanager.k8s.io/inject-ca-from: {{ $ca }} +{{- end }} + creationTimestamp: null + labels: + {{- include "kubeflowCrds.notebooks.controller.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.notebooks.controller.fullName" . }} +spec: + conversion: +{{- if .Values.notebooks.controller.webhook.enabled }} + strategy: Webhook + webhookClientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert +{{- else }} + strategy: None +{{- end }} + group: {{ include "kubeflowCrds.notebooks.controller.group" . }} + names: + kind: Notebook + listKind: NotebookList + plural: {{ include "kubeflowCrds.notebooks.controller.pluralName" . }} + singular: {{ include "kubeflowCrds.notebooks.controller.singularName" . 
}} + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + template: + properties: + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: 
string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + 
key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - 
type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + 
type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + 
type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: 
string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - 
name + - image + type: object + type: array + minItems: 1 + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + 
properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + 
host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + 
initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - 
fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + 
x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + 
port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + 
type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + 
subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + 
type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: 
string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: 
string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: 
boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + 
type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - 
system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + containerState: + properties: + running: + properties: + startedAt: + format: date-time + type: string + type: object + terminated: + properties: + containerID: + type: string + exitCode: + format: int32 + type: integer + finishedAt: + format: date-time + type: string + message: + type: string + reason: + type: string + signal: + format: int32 + type: integer + startedAt: + format: date-time + type: string + required: + - exitCode + type: object + waiting: + properties: + message: + type: string + reason: + type: string + type: object + type: object + readyReplicas: + format: int32 + type: integer + required: + - conditions + - containerState + - readyReplicas + type: object + type: object + served: true + storage: true + subresources: + status: {} + - name: v1alpha1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + template: + properties: + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + 
namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + 
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + 
- type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + 
items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + 
type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + - image + type: object + 
type: array + minItems: 1 + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + 
value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: 
+ - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + 
x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + 
successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + 
- type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: 
+ type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: 
+ type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: 
string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - 
name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: 
integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: 
+ - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: 
+ type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + 
type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string 
+ resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + 
mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + containerState: + properties: + running: + properties: + startedAt: + format: date-time + type: string + type: object + terminated: + properties: + containerID: + type: string + exitCode: + format: int32 + type: integer + finishedAt: + format: date-time + type: string + message: + type: string + reason: + type: string + signal: + format: int32 + type: integer + startedAt: + format: date-time + type: string + required: + - exitCode + type: object + waiting: + properties: + message: + type: string + reason: + type: string + type: object + type: object + readyReplicas: + format: int32 + type: integer + required: + - conditions + - containerState + - readyReplicas + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + template: 
+ properties: + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: 
array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: 
string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + 
type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: 
+ properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - 
type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + 
type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + - image + type: object + type: array + minItems: 1 + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + 
type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + 
x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + 
type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + 
x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: 
integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + 
properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: 
object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + 
nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + 
properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + 
configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: 
string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - 
repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + 
properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 
+ type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + containerState: + properties: + running: + properties: + startedAt: + format: date-time + type: string + type: object + terminated: + properties: + containerID: + type: string + exitCode: + format: int32 + type: integer + finishedAt: + format: date-time + type: string + message: + type: string + reason: + type: string + signal: + format: int32 + type: integer + startedAt: + format: date-time + type: string + required: + - exitCode + type: object + waiting: + properties: + message: + type: string + reason: + type: string + type: object + type: object + readyReplicas: + format: int32 + type: integer + required: + - conditions + - containerState + - readyReplicas + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +{{- end }} +{{- end }} 
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/scheduled-workflow-crd.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/scheduled-workflow-crd.yaml
new file mode 100644
index 00000000..95778813
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/scheduled-workflow-crd.yaml
@@ -0,0 +1,45 @@
+{{- if (include "kubeflowCrds.pipelines.scheduledWorkflow.enabled" . | eq "true") -}}
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ {{- include "kubeflowCrds.pipelines.scheduledWorkflow.labels" . | nindent 4 }}
+ name: {{ include "kubeflowCrds.pipelines.scheduledWorkflow.fullName" . }}
+spec:
+ group: {{ include "kubeflowCrds.pipelines.scheduledWorkflow.group" . }}
+ names:
+ kind: ScheduledWorkflow
+ listKind: ScheduledWorkflowList
+ plural: {{ include "kubeflowCrds.pipelines.scheduledWorkflow.pluralName" . }}
+ shortNames:
+ - swf
+ singular: {{ include "kubeflowCrds.pipelines.scheduledWorkflow.singularName" . }}
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ x-kubernetes-map-type: atomic
+ status:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ x-kubernetes-map-type: atomic
+ required:
+ - spec
+ - status
+ type: object
+ served: true
+ storage: true
+
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/viewer-crd.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/viewer-crd.yaml
new file mode 100644
index 00000000..7d768bd2
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/viewer-crd.yaml
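Review bot: In scheduled-workflow-crd.yaml, `spec` and `status` are declared only as `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server stores whatever a client submits and all validation falls to the controller or to admission policy; the `spec` of the Viewer CRD in viewer-crd.yaml has the same open schema. Neither template declares a `subresources:` block, so RBAC cannot separate who may write `status` from who may write `spec`, and with `status` listed under `required` a create request has to carry a status object. If the open schema is intentional (it may simply mirror an upstream manifest, which this diff does not show), I would record that above `openAPIV3Schema:` with a comment such as `# spec/status are not validated by the API server; validation is the controller's responsibility`. Create and update rights on these two resources should then be granted narrowly in the RBAC that ships with the pack.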
@@ -0,0 +1,40 @@
+{{- if (include "kubeflowCrds.pipelines.viewerCrd.enabled" . | eq "true") -}}
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ {{- include "kubeflowCrds.pipelines.viewerCrd.labels" . | nindent 4 }}
+ name: {{ include "kubeflowCrds.pipelines.viewerCrd.fullName" . }}
+spec:
+ group: {{ include "kubeflowCrds.pipelines.viewerCrd.group" . }}
+ names:
+ kind: Viewer
+ listKind: ViewerList
+ plural: {{ include "kubeflowCrds.pipelines.viewerCrd.pluralName" . }}
+ shortNames:
+ - vi
+ singular: {{ include "kubeflowCrds.pipelines.viewerCrd.singularName" . }}
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ x-kubernetes-map-type: atomic
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/profiles/kubeflow.org_profiles.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/profiles/kubeflow.org_profiles.yaml
new file mode 100644
index 00000000..b9281e2c
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/profiles/kubeflow.org_profiles.yaml
@@ -0,0 +1,696 @@ +{{- if (include "kubeflowCrds.profilesController.enabled" . | eq "true") -}} +{{- if .Values.crds.minimized }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + labels: + {{- include "kubeflowCrds.profilesController.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.profilesController.fullName" . }} +spec: + group: {{ include "kubeflowCrds.profilesController.group" . }} + names: + kind: Profile + listKind: ProfileList + plural: {{ include "kubeflowCrds.profilesController.pluralName" . }} + singular: {{ include "kubeflowCrds.profilesController.singularName" . }} + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + + - name: v1beta1 + schema: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} + +{{- else }} + + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + labels: + {{- include "kubeflowCrds.profilesController.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.profilesController.fullName" . }} +spec: + group: {{ include "kubeflowCrds.profilesController.group" . }} + names: + kind: Profile + listKind: ProfileList + plural: {{ include "kubeflowCrds.profilesController.pluralName" . }} + singular: {{ include "kubeflowCrds.profilesController.singularName" . 
}} + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + owner: + description: The profile owner + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If + the Authorizer does not recognized the kind value, the Authorizer + should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object + kind is non-namespace, such as "User" or "Group", and this value + is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + plugins: + items: + description: Plugin is for customize actions on different platform. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + resourceQuotaSpec: + description: Resourcequota that will be applied to target namespace + properties: + hard: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'hard is the set of desired hard limits for each + named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is a + selector that contains values, a scope name, and an operator + that relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. 
+ type: string + scopeName: + description: The name of the scope that the selector + applies to. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all + objects. + items: + description: A ResourceQuotaScope defines a filter that must + match each object tracked by a quota + type: string + type: array + type: object + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + owner: + description: The profile owner + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If + the Authorizer does not recognized the kind value, the Authorizer + should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object + kind is non-namespace, such as "User" or "Group", and this value + is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + plugins: + items: + description: Plugin is for customize actions on different platform. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + resourceQuotaSpec: + description: Resourcequota that will be applied to target namespace + properties: + hard: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'hard is the set of desired hard limits for each + named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is a + selector that contains values, a scope name, and an operator + that relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector + applies to. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during + a strategic merge patch. 
+ items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all + objects. + items: + description: A ResourceQuotaScope defines a filter that must + match each object tracked by a quota + type: string + type: array + type: object + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: profiles.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Profile + listKind: ProfileList + plural: profiles + singular: profile + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + owner: + description: The profile owner + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If + the Authorizer does not recognized the kind value, the Authorizer + should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object + kind is non-namespace, such as "User" or "Group", and this value + is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + plugins: + items: + description: Plugin is for customize actions on different platform. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + resourceQuotaSpec: + description: Resourcequota that will be applied to target namespace + properties: + hard: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'hard is the set of desired hard limits for each + named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is a + selector that contains values, a scope name, and an operator + that relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector + applies to. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during + a strategic merge patch. 
+ items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all + objects. + items: + description: A ResourceQuotaScope defines a filter that must + match each object tracked by a quota + type: string + type: array + type: object + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + owner: + description: The profile owner + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. 
Values defined by + this API group are "User", "Group", and "ServiceAccount". If + the Authorizer does not recognized the kind value, the Authorizer + should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object + kind is non-namespace, such as "User" or "Group", and this value + is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + plugins: + items: + description: Plugin is for customize actions on different platform. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + resourceQuotaSpec: + description: Resourcequota that will be applied to target namespace + properties: + hard: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'hard is the set of desired hard limits for each + named resource. 
More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is a + selector that contains values, a scope name, and an operator + that relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector + applies to. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all + objects. 
+ items: + description: A ResourceQuotaScope defines a filter that must + match each object tracked by a quota + type: string + type: array + type: object + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} +{{- end }} diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pvcviewer-controller/kubeflow.org_pvcviewers.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pvcviewer-controller/kubeflow.org_pvcviewers.yaml new file mode 100644 index 00000000..8022e6a2 --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pvcviewer-controller/kubeflow.org_pvcviewers.yaml 
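Review bot: In the `{{- else }}` branch of kubeflow.org_profiles.yaml the full-schema Profile CRD is emitted twice: once with the templated name, group and labels, and again as a second document with the hard-coded `name: profiles.kubeflow.org` and `group: kubeflow.org` and no labels. The `fullName` helper is not visible here, but if it renders `profiles.kubeflow.org` a non-minimized install produces two objects of the same kind and name in one manifest; the second document, from its leading `---` through its trailing `status:` stanza, looks like an untemplated leftover and should be deleted. The `status:` block with `acceptedNames` and `storedVersions: []`, and `creationTimestamp: null`, are controller-gen output that the API server populates itself, so they can be dropped from the templated copy too. Separately, the `.Values.crds.minimized` branch reduces both versions to a root-level `x-kubernetes-preserve-unknown-fields: true`. That means the `required: kind, name` on `spec.owner` and the quantity `pattern` on `resourceQuotaSpec.hard` are no longer enforced by the API server for this cluster-scoped resource, and a comment on that branch should say so.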
@@ -0,0 +1,3492 @@ +{{- if (include "kubeflowCrds.notebooks.pvcviewerController.enabled" . | eq "true") -}} + +{{- $ca := printf "%s/%s" + (include "kubeflowCrds.namespace" .) + (include "kubeflowCrds.notebooks.pvcviewerController.certName" .) +-}} +{{- if .Values.crds.minimized }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ $ca }} + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.notebooks.pvcviewerController.fullName" . }} +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: {{ include "kubeflowCrds.notebooks.pvcviewerController.manager.name" . }} + namespace: {{ include "kubeflowCrds.namespace" . }} + path: /convert + conversionReviewVersions: + - v1 + group: {{ include "kubeflowCrds.notebooks.pvcviewerController.group" . }} + names: + kind: PVCViewer + listKind: PVCViewerList + plural: {{ include "kubeflowCrds.notebooks.pvcviewerController.pluralName" . }} + singular: {{ include "kubeflowCrds.notebooks.pvcviewerController.singularName" . }} + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + +{{- else }} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ $ca }} + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.notebooks.pvcviewerController.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.notebooks.pvcviewerController.fullName" . }} +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: {{ include "kubeflowCrds.notebooks.pvcviewerController.manager.name" . 
}} + namespace: {{ include "kubeflowCrds.namespace" . }} + path: /convert + conversionReviewVersions: + - v1 + group: {{ include "kubeflowCrds.notebooks.pvcviewerController.group" . }} + names: + kind: PVCViewer + listKind: PVCViewerList + plural: {{ include "kubeflowCrds.notebooks.pvcviewerController.pluralName" . }} + singular: {{ include "kubeflowCrds.notebooks.pvcviewerController.singularName" . }} + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + networking: + properties: + basePrefix: + type: string + rewrite: + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeout: + type: string + type: object + podSpec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + 
type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: 
string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + 
labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + 
type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: 
int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer 
+ service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: 
array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + 
type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: 
object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: 
object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value 
+ type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + 
runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: 
object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + 
configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + 
command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - 
type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + 
properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: 
string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + 
required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + 
volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + 
path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + 
- key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + 
x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - 
type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: 
+ properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + pvc: + type: string + rwoScheduling: + default: false + type: boolean + required: + - pvc + - rwoScheduling + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + lastUpdateTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + ready: + default: false + type: boolean + url: + type: string + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} +{{- end }} diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/tensorboard/tensorboard.kubeflow.org_tensorboards.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/tensorboard/tensorboard.kubeflow.org_tensorboards.yaml new file mode 100644 index 00000000..4588a994 --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/tensorboard/tensorboard.kubeflow.org_tensorboards.yaml 
@@ -0,0 +1,91 @@
+{{- if (include "kubeflowCrds.tensorboard.controller.enabled" . | eq "true") -}}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ labels:
+ {{- include "kubeflowCrds.tensorboard.controller.labels" . | nindent 4 }}
+ name: {{ include "kubeflowCrds.tensorboard.controller.fullName" . }}
+spec:
+ group: {{ include "kubeflowCrds.tensorboard.controller.group" . }}
+ names:
+ kind: Tensorboard
+ listKind: TensorboardList
+ plural: {{ include "kubeflowCrds.tensorboard.controller.pluralName" . }}
+ singular: {{ include "kubeflowCrds.tensorboard.controller.singularName" . }}
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Tensorboard is the Schema for the tensorboards API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TensorboardSpec defines the desired state of Tensorboard
+ properties:
+ logspath:
+ description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+ Important: Run "make" to regenerate code after modifying this file'
+ type: string
+ required:
+ - logspath
+ type: object
+ status:
+ description: TensorboardStatus defines the observed state of Tensorboard
+ properties:
+ conditions:
+ description: Conditions is an array of current conditions
+ items:
+ description: TensorboardCondition defines the observed state of
+ Tensorboard
+ properties:
+ deploymentState:
+ description: Deployment status, 'Available', 'Progressing',
+ 'ReplicaFailure' .
+ type: string
+ lastProbeTime:
+ description: Last time we probed the condition.
+ format: date-time
+ type: string
+ required:
+ - deploymentState
+ type: object
+ type: array
+ readyReplicas:
+ description: ReadyReplicas defines the number of Tensorboard Servers
+ that are available to connect. The value of ReadyReplicas can be
+ either 0 or 1
+ format: int32
+ type: integer
+ required:
+ - conditions
+ - readyReplicas
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mpijobs.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mpijobs.yaml
new file mode 100644
index 00000000..322c2a24
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mpijobs.yaml
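Review bot: In tensorboard.kubeflow.org_tensorboards.yaml, `spec.logspath` is the only spec field and is required, yet its `description` is the kubebuilder scaffold placeholder (`INSERT ADDITIONAL SPEC FIELDS - desired state of cluster ...`) and its schema is a bare `type: string`. Anyone allowed to create a Tensorboard in a namespace therefore gets no API-server-side check on this value and no `kubectl explain` text saying which forms are accepted; any validation has to live in the controller or in admission policy, neither of which is visible in this hunk. I would replace the description with one that states the accepted forms and, once those are confirmed against the controller, add `minLength: 1` plus a `pattern` covering them. Because the schema is controller-gen output (`controller-gen.kubebuilder.io/version: v0.8.0`), the durable fix is in the Go type's comment and validation markers upstream, with this template regenerated from it. The trailing top-level `status:` stanza (`acceptedNames`, `conditions`, `storedVersions`) and `creationTimestamp: null` look like generator leftovers and can be dropped from the template.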
@@ -0,0 +1,7547 @@ +{{- if (include "kubeflowCrds.trainingOperator.enabled" . | eq "true") -}} +{{- if .Values.crds.minimized }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.trainingOperator.mpiFullName" . }} +spec: + group: {{ include "kubeflowCrds.trainingOperator.group" . }} + names: + kind: MPIJob + listKind: MPIJobList + plural: {{ include "kubeflowCrds.trainingOperator.mpiPluralName" . }} + singular: {{ include "kubeflowCrds.trainingOperator.mpiSingularName" . }} + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[-1:].type + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + +{{- else }} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.trainingOperator.mpiFullName" . }} +spec: + group: {{ include "kubeflowCrds.trainingOperator.group" . }} + names: + kind: MPIJob + listKind: MPIJobList + plural: {{ include "kubeflowCrds.trainingOperator.mpiPluralName" . }} + singular: {{ include "kubeflowCrds.trainingOperator.mpiSingularName" . }} + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[-1:].type + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy that whether to kill pods after the job completes. + Defaults to None. + type: string + mainContainer: + description: |- + MainContainer specifies name of the main container which + executes the MPI code. + type: string + mpiReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. + type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. 
If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. 
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. 
+ properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. 
+ Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. 
+ type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. 
+ type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. 
+ type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. 
+ type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. 
+ items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. 
+ properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. 
+ More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. 
+ properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. 
+ format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
+ + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. 
+ If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. 
+ properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. 
+ properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. 
You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. 
+ type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. 
+ type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. 
+ type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. 
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. 
+ items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. 
+ Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. 
If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. 
+ format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
+ + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. 
+ This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. 
+ The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. 
If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. 
+ Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. 
+ Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.seLinuxOptions + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. 
+ type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. 
+ Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. 
+ type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + + + This is a beta feature enabled by the PodSchedulingReadiness feature gate. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. 
+ May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. 
+ type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). 
+ In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. 
+ Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. 
+ And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. 
+ Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. 
+ format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. 
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. 
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. 
+ Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. 
+ properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. 
If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. 
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. 
Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. 
+ type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. 
+ type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. 
+ properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: object + description: |- + `MPIReplicaSpecs` contains maps from `MPIReplicaType` to `ReplicaSpec` that + specify the MPI replicas to run. + type: object + runPolicy: + description: |- + `RunPolicy` encapsulates various runtime policies of the distributed training + job, for example how to clean up resources and how long the job can stay + active. 
+ properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. + type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. 
+ format: int32 + type: integer + type: object + slotsPerWorker: + description: |- + Specifies the number of slots per worker used in hostfile. + Defaults to 1. + format: int32 + type: integer + required: + - mpiReplicaSpecs + type: object + status: + description: JobStatus represents the current observed state of the training + Job. + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. + properties: + active: + description: The number of actively running pods. 
+ format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. + type: string + succeeded: + description: The number of pods which reached phase Succeeded. 
+ format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + +{{- end }} +{{- end }} diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mxjobs.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mxjobs.yaml new file mode 100644 index 00000000..900f42f7 --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mxjobs.yaml 
@@ -0,0 +1,7544 @@ +{{- if (include "kubeflowCrds.trainingOperator.enabled" . | eq "true") -}} +{{- if .Values.crds.minimized }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.trainingOperator.mxFullName" . }} +spec: + group: {{ include "kubeflowCrds.trainingOperator.group" . }} + names: + kind: MXJob + listKind: MXJobList + plural: {{ include "kubeflowCrds.trainingOperator.mxPluralName" . }} + singular: {{ include "kubeflowCrds.trainingOperator.mxSingularName" . }} + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: MXJob is the Schema for the mxjobs API + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + +{{- else }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.trainingOperator.mxFullName" . }} +spec: + group: {{ include "kubeflowCrds.trainingOperator.group" . }} + names: + kind: MXJob + listKind: MXJobList + plural: {{ include "kubeflowCrds.trainingOperator.mxPluralName" . }} + singular: {{ include "kubeflowCrds.trainingOperator.mxSingularName" . 
}} + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: MXJob is the Schema for the mxjobs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MXJobSpec defines the desired state of MXJob + properties: + jobMode: + description: |- + JobMode specify the kind of MXjob to do. Different mode may have + different MXReplicaSpecs request + type: string + mxReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. + type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. 
If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. 
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. 
+ properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. 
+ Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. 
+ type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. 
+ type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. 
+ type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. 
+ type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. 
+ items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. 
+ properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. 
+ More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. 
+ properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. 
+ format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
+ + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. 
+ If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. 
+ properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. 
+ properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. 
You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. 
+ type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. 
+ type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. 
+ type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. 
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. 
+ items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. 
+ Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. 
If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. 
+ format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
+ + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. 
+ This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. 
+ The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. 
If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. 
+ Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. 
+ Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.seLinuxOptions + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. 
+ type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. 
+ Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. 
+ type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + + + This is a beta feature enabled by the PodSchedulingReadiness feature gate. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. 
+ May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. 
+ type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). 
+ In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. 
+ Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. 
+ And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. 
+ Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. 
+ format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. 
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. 
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. 
+ Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. 
+ properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. 
If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. 
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. 
Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. 
+ type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. 
+ type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. 
+ properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: object + description: |- + MXReplicaSpecs is map of ReplicaType and ReplicaSpec + specifies the MX replicas to run. 
+ For example, + { + "Scheduler": ReplicaSpec, + "Server": ReplicaSpec, + "Worker": ReplicaSpec, + } + type: object + runPolicy: + description: |- + RunPolicy encapsulates various runtime policies of the distributed training + job, for example how to clean up resources and how long the job can stay + active. + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. 
+ type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. + format: int32 + type: integer + type: object + required: + - jobMode + - mxReplicaSpecs + type: object + status: + description: JobStatus represents the current observed state of the training + Job. + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. 
+ properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. + type: string + succeeded: + description: The number of pods which reached phase Succeeded. 
+ format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} +{{- end }} diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_paddlejobs.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_paddlejobs.yaml new file mode 100644 index 00000000..dd413a56 --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_paddlejobs.yaml 
@@ -0,0 +1,8031 @@ +{{- if (include "kubeflowCrds.trainingOperator.enabled" . | eq "true") -}} +{{- if .Values.crds.minimized }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.trainingOperator.paddleFullName" . }} +spec: + group: {{ include "kubeflowCrds.trainingOperator.group" . }} + names: + kind: PaddleJob + listKind: PaddleJobList + plural: {{ include "kubeflowCrds.trainingOperator.paddlePluralName" . }} + singular: {{ include "kubeflowCrds.trainingOperator.paddleSingularName" . }} + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: PaddleJob Represents a PaddleJob resource. + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.replicaStatuses.Worker.selector + specReplicasPath: .spec.paddleReplicaSpecs.Worker.replicas + statusReplicasPath: .status.replicaStatuses.Worker.active + status: {} + +{{- else }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.trainingOperator.paddleFullName" . }} +spec: + group: {{ include "kubeflowCrds.trainingOperator.group" . }} + names: + kind: PaddleJob + listKind: PaddleJobList + plural: {{ include "kubeflowCrds.trainingOperator.paddlePluralName" . }} + singular: {{ include "kubeflowCrds.trainingOperator.paddleSingularName" . 
}} + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: PaddleJob Represents a PaddleJob resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Specification of the desired state of the PaddleJob. + properties: + elasticPolicy: + description: ElasticPolicy holds the elastic policy for paddle job. + properties: + maxReplicas: + description: upper limit for the number of pods that can be set + by the autoscaler; cannot be smaller than MinReplicas, defaults + to null. + format: int32 + type: integer + maxRestarts: + description: MaxRestarts is the limit for restart times of pods + in elastic mode. + format: int32 + type: integer + metrics: + description: |- + Metrics contains the specifications which are used to calculate the + desired replica count (the maximum replica count across all metrics will + be used). The desired replica count is calculated with multiplying the + ratio between the target value and the current value by the current + number of pods. Ergo, metrics used must decrease as the pod count is + increased, and vice-versa. 
+ items: + description: |- + MetricSpec specifies how to scale based on a single metric + (only `type` and one other matching field should be set at once). + properties: + containerResource: + description: |- + containerResource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing a single container in + each pod of the current scale target (e.g. CPU or memory). Such metrics are + built in to Kubernetes, and have special scaling options on top of those + available to normal per-pod metrics using the "pods" source. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in question. + type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: |- + external refers to a global metric that is not associated + with any Kubernetes object. It allows autoscaling based on information + coming from components running outside of cluster + (for example length of queue in cloud messaging service, or + QPS from loadbalancer running outside of cluster). + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: |- + object refers to a metric describing a single kubernetes object + (for example, hits-per-second on an Ingress object). 
+ properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: apiVersion is the API version of the + referent + type: string + kind: + description: 'kind is the kind of the referent; + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: |- + pods refers to a metric describing each pod in the current scale target + (for example, transactions-processed-per-second). 
The values will be + averaged together before being compared to the target value. + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: |- + resource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such metrics are built in to + Kubernetes, and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource in question. 
+ type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: |- + type is the type of metric source. It should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a matching field in the object. + Note: "ContainerResource" type is available on when the feature-gate + HPAContainerMetrics is enabled + type: string + required: + - type + type: object + type: array + minReplicas: + description: |- + minReplicas is the lower limit for the number of replicas to which the training job + can scale down. It defaults to null. 
+ format: int32 + type: integer + type: object + paddleReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. + type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". 
+ An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. 
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. 
All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. 
There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
+ + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. 
+ properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. 
+ items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. 
+ Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. 
+ May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. 
+ type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. 
+ If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. 
+ type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. 
+ type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. 
+ type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 
+ items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. 
+ Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. 
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. 
+ properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. 
+ properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 
+ properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. 
If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 
+ In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. 
+ type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. 
+ type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. 
The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. 
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. 
+ properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. 
+ Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. 
+ type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. 
+ type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. 
+ type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. 
+ type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. 
+ Some pod and container fields are restricted if this is set. + + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.seLinuxOptions + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. 
The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. 
+ type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. 
+ + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + + + This is a beta feature enabled by the PodSchedulingReadiness feature gate. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. 
+ The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. 
+ When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' 
+ type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). 
ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. 
Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. 
The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. 
Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 
+ If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. 
+ type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. 
Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). 
+ items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. 
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. 
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. 
+ type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. 
+ type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: object + description: |- + A map of PaddleReplicaType (type) to ReplicaSpec (value). Specifies the Paddle cluster configuration. + For example, + { + "Master": PaddleReplicaSpec, + "Worker": PaddleReplicaSpec, + } + type: object + runPolicy: + description: |- + RunPolicy encapsulates various runtime policies of the distributed training + job, for example how to clean up resources and how long the job can stay + active. + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. 
gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. + type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. + format: int32 + type: integer + type: object + required: + - paddleReplicaSpecs + type: object + status: + description: |- + Most recently observed status of the PaddleJob. + Read-only (modified by the system). + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. + properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. + type: string + succeeded: + description: The number of pods which reached phase Succeeded. + format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.replicaStatuses.Worker.selector + specReplicasPath: .spec.paddleReplicaSpecs.Worker.replicas + statusReplicasPath: .status.replicaStatuses.Worker.active + status: {} +{{- end }} +{{- end }} 
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_pytorchjobs.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_pytorchjobs.yaml
new file mode 100644
index 00000000..9419380a
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_pytorchjobs.yaml
@@ -0,0 +1,8068 @@ +{{- if (include "kubeflowCrds.trainingOperator.enabled" . | eq "true") -}} +{{- if .Values.crds.minimized }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.trainingOperator.pytorchFullName" . }} +spec: + group: {{ include "kubeflowCrds.trainingOperator.group" . }} + names: + kind: PyTorchJob + listKind: PyTorchJobList + plural: {{ include "kubeflowCrds.trainingOperator.pytorchPluralName" . }} + singular: {{ include "kubeflowCrds.trainingOperator.pytorchSingularName" . }} + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: PyTorchJob Represents a PyTorchJob resource. + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.replicaStatuses.Worker.selector + specReplicasPath: .spec.pytorchReplicaSpecs.Worker.replicas + statusReplicasPath: .status.replicaStatuses.Worker.active + status: {} + +{{- else }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.trainingOperator.pytorchFullName" . }} +spec: + group: {{ include "kubeflowCrds.trainingOperator.group" . }} + names: + kind: PyTorchJob + listKind: PyTorchJobList + plural: {{ include "kubeflowCrds.trainingOperator.pytorchPluralName" . }} + singular: {{ include "kubeflowCrds.trainingOperator.pytorchSingularName" . 
}} + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: PyTorchJob Represents a PyTorchJob resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Specification of the desired state of the PyTorchJob. + properties: + elasticPolicy: + properties: + maxReplicas: + description: upper limit for the number of pods that can be set + by the autoscaler; cannot be smaller than MinReplicas, defaults + to null. + format: int32 + type: integer + maxRestarts: + format: int32 + type: integer + metrics: + description: |- + Metrics contains the specifications which are used to calculate the + desired replica count (the maximum replica count across all metrics will + be used). The desired replica count is calculated with multiplying the + ratio between the target value and the current value by the current + number of pods. Ergo, metrics used must decrease as the pod count is + increased, and vice-versa. + items: + description: |- + MetricSpec specifies how to scale based on a single metric + (only `type` and one other matching field should be set at once). 
+ properties: + containerResource: + description: |- + containerResource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing a single container in + each pod of the current scale target (e.g. CPU or memory). Such metrics are + built in to Kubernetes, and have special scaling options on top of those + available to normal per-pod metrics using the "pods" source. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in question. + type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: |- + external refers to a global metric that is not associated + with any Kubernetes object. It allows autoscaling based on information + coming from components running outside of cluster + (for example length of queue in cloud messaging service, or + QPS from loadbalancer running outside of cluster). + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: |- + object refers to a metric describing a single kubernetes object + (for example, hits-per-second on an Ingress object). 
+ properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: apiVersion is the API version of the + referent + type: string + kind: + description: 'kind is the kind of the referent; + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: |- + pods refers to a metric describing each pod in the current scale target + (for example, transactions-processed-per-second). 
The values will be + averaged together before being compared to the target value. + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: |- + resource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such metrics are built in to + Kubernetes, and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource in question. 
+ type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: |- + type is the type of metric source. It should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a matching field in the object. + Note: "ContainerResource" type is available on when the feature-gate + HPAContainerMetrics is enabled + type: string + required: + - type + type: object + type: array + minReplicas: + description: |- + minReplicas is the lower limit for the number of replicas to which the training job + can scale down. It defaults to null. + format: int32 + type: integer + nProcPerNode: + description: |- + Number of workers per node; supported values: [auto, cpu, gpu, int]. 
+ Deprecated: This API is deprecated in v1.7+ + Use .spec.nprocPerNode instead. + format: int32 + type: integer + rdzvBackend: + type: string + rdzvConf: + description: RDZVConf contains additional rendezvous configuration + (=,=,...). + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + rdzvHost: + type: string + rdzvId: + type: string + rdzvPort: + format: int32 + type: integer + standalone: + description: |- + Start a local standalone rendezvous backend that is represented by a C10d TCP store + on port 29400. Useful when launching single-node, multi-worker job. If specified + --rdzv_backend, --rdzv_endpoint, --rdzv_id are auto-assigned; any explicitly set values + are ignored. + type: boolean + type: object + nprocPerNode: + description: |- + Number of workers per node; supported values: [auto, cpu, gpu, int]. + For more, https://github.com/pytorch/pytorch/blob/26f7f470df64d90e092081e39507e4ac751f55d6/torch/distributed/run.py#L629-L658. + Defaults to auto. + type: string + pytorchReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. + type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. 
If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. 
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. 
+ properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. 
+ Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. 
+ type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. 
+ type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. 
+ type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. 
+ type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. 
+ items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. 
+ properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. 
+ More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. 
+ properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. 
+ format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
+ + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. 
+ If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. 
+ properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. 
+ properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. 
You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. 
+ type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. 
+ type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. 
+ type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. 
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. 
+ items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. 
+ Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. 
If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. 
+ format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
+ + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. 
+ This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. 
+ The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. 
If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. 
+ Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. 
+ Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.seLinuxOptions + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. 
+ type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. 
+ Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. 
+ type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + + + This is a beta feature enabled by the PodSchedulingReadiness feature gate. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. 
+ May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. 
+ type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). 
+ In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. 
+ Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. 
+ And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. 
+ Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. 
+ format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. 
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. 
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. 
+ Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. 
+ properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. 
If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. 
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. 
Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. 
+ type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. 
+ type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. 
+ properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: object + description: |- + A map of PyTorchReplicaType (type) to ReplicaSpec (value). Specifies the PyTorch cluster configuration. 
+ For example, + { + "Master": PyTorchReplicaSpec, + "Worker": PyTorchReplicaSpec, + } + type: object + runPolicy: + description: |- + RunPolicy encapsulates various runtime policies of the distributed training + job, for example how to clean up resources and how long the job can stay + active. + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. 
+ type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. + format: int32 + type: integer + type: object + required: + - pytorchReplicaSpecs + type: object + status: + description: |- + Most recently observed status of the PyTorchJob. + Read-only (modified by the system). + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. 
+ properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. + type: string + succeeded: + description: The number of pods which reached phase Succeeded. 
+ format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.replicaStatuses.Worker.selector + specReplicasPath: .spec.pytorchReplicaSpecs.Worker.replicas + statusReplicasPath: .status.replicaStatuses.Worker.active + status: {} +{{- end }} +{{- end }} diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_tfjobs.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_tfjobs.yaml new file mode 100644 index 00000000..880af9a4 --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_tfjobs.yaml 
@@ -0,0 +1,7546 @@ +{{- if (include "kubeflowCrds.trainingOperator.enabled" . | eq "true") -}} +{{- if .Values.crds.minimized }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.trainingOperator.tfFullName" . }} +spec: + group: {{ include "kubeflowCrds.trainingOperator.group" . }} + names: + kind: TFJob + listKind: TFJobList + plural: {{ include "kubeflowCrds.trainingOperator.tfPluralName" . }} + singular: {{ include "kubeflowCrds.trainingOperator.tfSingularName" . }} + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: TFJob represents a TFJob resource. + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + +{{- else }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.trainingOperator.tfFullName" . }} +spec: + group: {{ include "kubeflowCrds.trainingOperator.group" . }} + names: + kind: TFJob + listKind: TFJobList + plural: {{ include "kubeflowCrds.trainingOperator.tfPluralName" . }} + singular: {{ include "kubeflowCrds.trainingOperator.tfSingularName" . }} + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: TFJob represents a TFJob resource. 
+ properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Specification of the desired state of the TFJob. + properties: + enableDynamicWorker: + description: A switch to enable dynamic worker + type: boolean + runPolicy: + description: |- + RunPolicy encapsulates various runtime policies of the distributed training + job, for example how to clean up resources and how long the job can stay + active. + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. 
gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. + type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. + format: int32 + type: integer + type: object + successPolicy: + description: |- + SuccessPolicy defines the policy to mark the TFJob as succeeded. + Default to "", using the default rules. + type: string + tfReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. 
+ type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). 
A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. 
+ properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. 
+ items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. 
+ Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. 
If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. 
+ format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
+ + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. 
+ This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. 
+ The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. 
If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. 
+ Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. 
+ items: + type: string + type: array + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. 
Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. 
+ format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. 
HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 
+ properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. 
If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 
+ In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. 
+ type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. 
+ type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. 
The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. 
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. 
+ properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. 
+ Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. 
+ type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. 
+ type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. 
+ type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. 
+ type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. 
+ Some pod and container fields are restricted if this is set. + + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.seLinuxOptions + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. 
The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. 
+ type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. 
+ + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + + + This is a beta feature enabled by the PodSchedulingReadiness feature gate. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. 
+ The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. 
+ When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' 
+ type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). 
ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. 
Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. 
The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. 
Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 
+ If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. 
+ type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. 
Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). 
+ items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. 
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. 
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. 
+ type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. 
+ type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: object + description: |- + A map of TFReplicaType (type) to ReplicaSpec (value). Specifies the TF cluster configuration. + For example, + { + "PS": ReplicaSpec, + "Worker": ReplicaSpec, + } + type: object + required: + - tfReplicaSpecs + type: object + status: + description: |- + Most recently observed status of the TFJob. + Populated by the system. + Read-only. + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. 
+ format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. + properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. 
+ type: string + succeeded: + description: The number of pods which reached phase Succeeded. + format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} +{{- end }} diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_xgboostjobs.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_xgboostjobs.yaml new file mode 100644 index 00000000..fb8944e1 --- /dev/null +++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_xgboostjobs.yaml 
@@ -0,0 +1,7528 @@ +{{- if (include "kubeflowCrds.trainingOperator.enabled" . | eq "true") -}} +{{- if .Values.crds.minimized }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.trainingOperator.xgboostFullName" . }} +spec: + group: {{ include "kubeflowCrds.trainingOperator.group" . }} + names: + kind: XGBoostJob + listKind: XGBoostJobList + plural: {{ include "kubeflowCrds.trainingOperator.xgboostPluralName" . }} + singular: {{ include "kubeflowCrds.trainingOperator.xgboostSingularName" . }} + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: XGBoostJob is the Schema for the xgboostjobs API + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + +{{- else }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }} + name: {{ include "kubeflowCrds.trainingOperator.xgboostFullName" . }} +spec: + group: {{ include "kubeflowCrds.trainingOperator.group" . }} + names: + kind: XGBoostJob + listKind: XGBoostJobList + plural: {{ include "kubeflowCrds.trainingOperator.xgboostPluralName" . }} + singular: {{ include "kubeflowCrds.trainingOperator.xgboostSingularName" . 
}} + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: XGBoostJob is the Schema for the xgboostjobs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: XGBoostJobSpec defines the desired state of XGBoostJob + properties: + runPolicy: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. 
gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. + type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. + format: int32 + type: integer + type: object + xgbReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. + type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. 
RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). 
+ properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. 
If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. 
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. 
+ properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. 
+ Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. 
+ type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. 
+ type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. 
+ type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. 
+ type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. 
+ items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. 
+ properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. 
+ More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. 
+ properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. 
+ format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
+ + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. 
+ If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. 
+ properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. 
+ properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. 
You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. 
+ type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. 
+ type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. 
+ type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. 
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. 
+ items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. 
+ Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. 
If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. 
+ format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
+ + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. 
+ This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. 
+ The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. 
If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. 
+ Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. 
+ Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.seLinuxOptions + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. 
+ type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. 
+ Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. 
+ type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + + + This is a beta feature enabled by the PodSchedulingReadiness feature gate. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. 
+ May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. 
+ type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). 
+ In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. 
+ Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. 
+ And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. 
+ Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. 
+ format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. 
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. 
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. 
+ Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. 
+ properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. 
If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. 
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. 
Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. 
+ type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. 
+ type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. 
+ properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: object + type: object + required: + - xgbReplicaSpecs + type: object + status: + description: JobStatus represents the current observed state of the training + Job. + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. 
+ format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. + properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. + type: string + succeeded: + description: The number of pods which reached phase Succeeded. + format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} +{{- end }} 
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/values.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/values.yaml
new file mode 100644
index 00000000..b6b4b832
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/values.yaml
@@ -0,0 +1,47 @@
+# This namespace allows you to define where the services will be installed into
+# if not set then they will use the namespace of the release
+# This is helpful when installing Kubeflow as a chart dependency (sub chart).
+namespace: ""
+
+nameOverride: ""
+fullnameOverride: ""
+
+crds:
+ minimized: true
+
+admissionWebhook:
+ enabled: true
+
+notebooks:
+ enabled: true
+ controller:
+ certManager:
+ enabled: false
+ webhook:
+ enabled: false
+ enabled: true
+ pvcviewerController:
+ enabled: true
+
+profilesController:
+ enabled: true
+
+katib:
+ enabled: true
+ controller:
+ enabled: true
+
+pipelines:
+ enabled: true
+ scheduledWorkflow:
+ enabled: true
+ viewerCrd:
+ enabled: true
+
+tensorboard:
+ enabled: true
+ controller:
+ enabled: true
+
+trainingOperator:
+ enabled: true
diff --git a/packs/kubeflow-crds-1.9.1/logo.png b/packs/kubeflow-crds-1.9.1/logo.png
new file mode 100644
index 00000000..f29aa94b
Binary files /dev/null and b/packs/kubeflow-crds-1.9.1/logo.png differ
diff --git a/packs/kubeflow-crds-1.9.1/pack.json b/packs/kubeflow-crds-1.9.1/pack.json
new file mode 100644
index 00000000..c5231374
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/pack.json
@@ -0,0 +1,17 @@
+{
+ "addonType":"ai",
+ "annotations": {
+ "source": "community",
+ "contributor" : "spectrocloud"
+ },
+ "cloudTypes": [
+ "all"
+ ],
+ "displayName": "Kubeflow CRDs",
+ "charts": [
+ "charts/kubeflow-crds-0.4.1.tgz"
+ ],
+ "layer": "addon",
+ "name": "kubeflow-crds",
+ "version": "1.9.1"
+}
diff --git a/packs/kubeflow-crds-1.9.1/values.yaml b/packs/kubeflow-crds-1.9.1/values.yaml
new file mode 100644
index 00000000..ef423a1e
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/values.yaml
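Review bot: The `charts` entry in pack.json points at `charts/kubeflow-crds-0.4.1.tgz`, a packaged archive whose contents cannot be read in review, while the readable chart files sit in the unpacked `charts/kubeflow-crds/` directory added by the same change; nothing visible here ties the two together. If the archive is what gets installed (presumably so, since it is the only path listed), an archive that has drifted from or been altered relative to the reviewed directory would go unnoticed. A CI step that unpacks the archive and compares its contents with the committed directory, or a recorded digest of the archive, would close that gap. As a smaller style point, the key spacing is inconsistent: `"addonType":"ai",` and `"contributor" : "spectrocloud"` would read better as `"addonType": "ai",` and `"contributor": "spectrocloud"`.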
@@ -0,0 +1,52 @@
+pack:
+ content:
+ images: []
+charts:
+ kubeflow-crds:
+ # This namespace allows you to define where the services will be installed into
+ # if not set then they will use the namespace of the release
+ # This is helpful when installing Kubeflow as a chart dependency (sub chart).
+ namespace: ""
+
+ nameOverride: ""
+ fullnameOverride: ""
+
+ crds:
+ minimized: true
+
+ admissionWebhook:
+ enabled: true
+
+ notebooks:
+ enabled: true
+ controller:
+ certManager:
+ enabled: false
+ webhook:
+ enabled: false
+ enabled: true
+ pvcviewerController:
+ enabled: true
+
+ profilesController:
+ enabled: true
+
+ katib:
+ enabled: true
+ controller:
+ enabled: true
+
+ pipelines:
+ enabled: true
+ scheduledWorkflow:
+ enabled: true
+ viewerCrd:
+ enabled: true
+
+ tensorboard:
+ enabled: true
+ controller:
+ enabled: true
+
+ trainingOperator:
+ enabled: true
\ No newline at end of file
diff --git a/packs/oauth2-proxy-8.2.0/README.md b/packs/oauth2-proxy-8.2.0/README.md
new file mode 100644
index 00000000..fe13f75e
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/README.md
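Review bot: Only `namespace` carries a comment in the pack-level values.yaml; `crds.minimized` and the per-component `enabled` switches are unexplained, and every top-level component defaults to `true`. Assuming each switch gates that component's CustomResourceDefinitions (the chart templates are not in this hunk, so this is inferred), a default install registers all of these cluster-scoped API types even where the component is never deployed. It is worth saying so above the switches, e.g. `# Each <component>.enabled flag installs that component's CRDs cluster-wide; disable the ones you do not run.`, plus a one-line comment on what `minimized` removes from the CRDs once that is confirmed against the templates. The block also repeats `charts/kubeflow-crds/values.yaml` verbatim, so the two copies can drift, and the file ends without a trailing newline.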
@@ -0,0 +1,380 @@ +# oauth2-proxy + +[oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by e-mail, domain, or group. + +## TL;DR; + +```console +$ helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests +$ helm install my-release oauth2-proxy/oauth2-proxy +``` + +## Introduction + +This chart bootstraps an oauth2-proxy deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install my-release oauth2-proxy/oauth2-proxy +``` + +The command deploys oauth2-proxy on the Kubernetes cluster in the default configuration. +The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm uninstall my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates an incompatible breaking change needing manual actions. + +### To 1.0.0 + +This version upgrades oauth2-proxy to v4.0.0. To upgrade, please see the [changelog](https://github.com/oauth2-proxy/oauth2-proxy/blob/v4.0.0/CHANGELOG.md#v400). + +### To 2.0.0 + +Version 2.0.0 of this chart introduces support for Kubernetes v1.16.x by addressing the Deployment object apiVersion `apps/v1beta2` deprecation. +See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information. + +Due to [this issue](https://github.com/helm/helm/issues/6583), errors may occur when performing a `helm upgrade` of this chart from versions earlier than 2.0.0. 
+ +### To 3.0.0 + +Version 3.0.0 introduces support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart. +This is a breaking change since the service account is enabled by default. +To disable this behaviour set `serviceAccount.enabled` to `false` + +### To 4.0.0 + +Version 4.0.0 adds support for the new Ingress apiVersion **networking.k8s.io/v1**. +Therefore, the `ingress.extraPaths` parameter must be updated to the new format. +See the [v1.22 API deprecations guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122) for more information. + +For the same reason `service.port` was renamed to `service.portNumber`. + +### To 5.0.0 + +Version 5.0.0 introduces support for custom labels and refactor [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). +This is a breaking change because many labels of all resources need to be updated to stay consistent. + +In order to upgrade, delete the Deployment before upgrading: + +```bash +kubectl delete deployment my-release-oauth2-proxy +``` + +This will introduce a slight downtime. + +For users who don't want downtime, you can perform these actions: + +- Perform a non-cascading removal of the deployment that keeps the pods running +- Add new labels to pods +- Perform `helm upgrade` + +### To 6.0.0 + +Version 6.0.0 bumps the version of the Redis subchart from ~10.6.0 to ~16.4.0. +You probably need to adjust your Redis configuration. +See [here](https://github.com/bitnami/charts/tree/master/bitnami/redis#upgrading) for detailed upgrade instructions. + +### To 7.0.0 + +Version 7.0.0 introduces a new implementation to support multiple hostAliases. +You probably need to adjust your hostAliases config. +See [here](https://github.com/oauth2-proxy/manifests/pull/164/) for detailed information. 
+ +### To 8.0.0 - Bitnami 💀 + +Version 8.0.0 removes the dependency on the Bitnami Redis subchart and replaces it with the `dandydeveloper/redis-ha` chart. Therefore this version introduces a breaking change to the redis subchart deployment configuration. Please refer to the official [redis-ha repository](https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha) for details. Furthermore, you can reference the redis CI test value files we use [here](https://github.com/oauth2-proxy/manifests/tree/main/helm/oauth2-proxy/ci). + +Furthermore, you can read up on why this change was necessary in [Breaking changes in Bitnami Catalog #323](https://github.com/oauth2-proxy/manifests/issues/323) + + +## Configuration + +The following table lists the configurable parameters of the oauth2-proxy chart and their default values. + +| Parameter | Description | Default | +| ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | +| `affinity` | node/pod affinities | None | +| `authenticatedEmailsFile.enabled` | Enables authorize individual e-mail addresses | `false` | +| `authenticatedEmailsFile.persistence` | Defines how the e-mail addresses file will be projected, via a configmap or secret | `configmap` | +| `authenticatedEmailsFile.template` | Name of the configmap or secret that is handled outside of that chart | `""` | +| `authenticatedEmailsFile.restrictedUserAccessKey` | The key of the configmap or secret that holds the e-mail addresses list | `""` | +| `authenticatedEmailsFile.restricted_access` | [e-mail addresses](https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/#email-authentication) 
list config | `""` | +| `authenticatedEmailsFile.annotations` | configmap or secret annotations | `nil` | +| `config.clientID` | oauth client ID | `""` | +| `config.clientSecret` | oauth client secret | `""` | +| `config.cookieSecret` | server specific cookie for the secret; create a new one with `openssl rand -base64 32 \| head -c 32 \| base64` | `""` | +| `config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [oauth2-proxy.secrets helper](https://github.com/oauth2-proxy/manifests/blob/main/helm/oauth2-proxy/templates/_helpers.tpl#L157C13-L157C33) for the required values | `nil` | +| `config.configFile` | custom [oauth2_proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/contrib/oauth2-proxy.cfg.example) contents for settings not overridable via environment nor command line | `""` | +| `config.existingConfig` | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap.yaml) for the required values | `nil` | +| `config.cookieName` | The name of the cookie that oauth2-proxy will create. | `""` | +| `autoscaling.enabled` | Deploy a Horizontal Pod Autoscaler. | `false` | +| `autoscaling.minReplicas` | Minimum replicas for the Horizontal Pod Autoscaler. | `1` | +| `autoscaling.maxReplicas` | Maximum replicas for the Horizontal Pod Autoscaler. | `10` | +| `autoscaling.targetCPUUtilizationPercentage` | Horizontal Pod Autoscaler setting. | `80` | +| `autoscaling.targetMemoryUtilizationPercentage` | Horizontal Pod Autoscaler setting. | `` | +| `autoscaling.annotations` | Horizontal Pod Autoscaler annotations. | `{}` | +| `autoscaling.behavior` | Configure HPA behavior policies for scaling. 
See [docs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configuring-scaling-behavior) | `{}` | +| `alphaConfig.enabled` | Flag to toggle any alpha config-related logic | `false` | +| `alphaConfig.annotations` | Configmap annotations | `{}` | +| `alphaConfig.serverConfigData` | Arbitrary configuration data to append to the server section | `{}` | +| `alphaConfig.metricsConfigData` | Arbitrary configuration data to append to the metrics section | `{}` | +| `alphaConfig.configData` | Arbitrary configuration data to append | `{}` | +| `alphaConfig.configFile` | Arbitrary configuration to append, treated as a Go template and rendered with the root context | `""` | +| `alphaConfig.existingConfig` | existing Kubernetes configmap to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret-alpha.yaml) for the required values | `nil` | +| `alphaConfig.existingSecret` | existing Kubernetes secret to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret-alpha.yaml) for the required values | `nil` | +| `customLabels` | Custom labels to add into metadata | `{}` | +| `config.google.adminEmail` | user impersonated by the Google service account | `""` | +| `config.google.useApplicationDefaultCredentials` | use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account JSON | `false` | +| `config.google.targetPrincipal` | service account to use/impersonate | `""` | +| `config.google.serviceAccountJson` | Google service account JSON contents | `""` | +| `config.google.existingConfig` | existing Kubernetes configmap to use for the service account file. 
See [Google secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/google-secret.yaml) for the required values | `nil` | +| `config.google.groups` | restrict logins to members of these Google groups | `[]` | +| `containerPort` | used to customize port on the deployment | `""` | +| `enableServiceLinks` | configure deployment enableServiceLinks | `true` | +| `extraArgs` | Extra arguments to give the binary. Either as a map with key:value pairs or as a list type, which allows the same flag to be configured multiple times. (e.g. `["--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_A", "--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_B"]`). | `{}` or `[]` | +| `extraContainers` | List of extra containers to be added to the pod | `[]` | +| `extraInitContainers` | List of extra initContainers to be added to the pod | `[]` | +| `extraEnv` | key:value list of extra environment variables to give the binary | `[]` | +| `extraVolumes` | list of extra volumes | `[]` | +| `extraVolumeMounts` | list of extra volumeMounts | `[]` | +| `hostAliases` | hostAliases is a list of aliases to be added to /etc/hosts for network name resolution. | | +| `htpasswdFile.enabled` | enable htpasswd-file option | `false` | +| `htpasswdFile.entries` | list of [encrypted user:passwords](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#command-line-options) | `{}` | +| `htpasswdFile.existingSecret` | existing Kubernetes secret to use for OAuth2 htpasswd file | `""` | +| `httpScheme` | `http` or `https`. `name` used for the port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service. 
| `http` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.command` | Define command to be executed by container at startup | `[]` | +| `image.repository` | Image repository | `quay.io/oauth2-proxy/oauth2-proxy` | +| `image.tag` | Image tag | `""` (defaults to appVersion) | +| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `ingress.enabled` | Enable Ingress | `false` | +| `ingress.className` | name referencing IngressClass | `nil` | +| `ingress.path` | Ingress accepted path | `/` | +| `ingress.pathType` | Ingress [path type](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) | `ImplementationSpecific` | +| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/annotations/). | `[]` | +| `ingress.labels` | Ingress extra labels | `{}` | +| `ingress.annotations` | Ingress annotations | `nil` | +| `ingress.hosts` | Ingress accepted hostnames | `nil` | +| `ingress.tls` | Ingress TLS configuration | `nil` | +| `initContainers.waitForRedis.enabled` | If `redis.enabled` is true, use an init container to wait for the Redis master pod to be ready. 
If `serviceAccount.enabled` is true, create additionally a role/binding to get, list, and watch the Redis master pod | `true` | +| `initContainers.waitForRedis.image.pullPolicy` | kubectl image pull policy | `IfNotPresent` | +| `initContainers.waitForRedis.image.repository` | kubectl image repository | `docker.io/bitnami/kubectl` | +| `initContainers.waitForRedis.kubectlVersion` | kubectl version to use for the init container | `printf "%s.%s" .Capabilities.KubeVersion.Major (.Capabilities.KubeVersion.Minor \| replace "+" "")` | +| `initContainers.waitForRedis.securityContext.enabled` | enable Kubernetes security context on container | `true` | +| `initContainers.waitForRedis.timeout` | number of seconds | 180 | +| `initContainers.waitForRedis.resources` | pod resource requests & limits | `{}` | +| `livenessProbe.enabled` | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true` | +| `livenessProbe.initialDelaySeconds` | number of seconds | 0 | +| `livenessProbe.timeoutSeconds` | number of seconds | 1 | +| `namespaceOverride` | Override the deployment namespace | `""` | +| `nodeSelector` | node labels for pod assignment | `{}` | +| `deploymentAnnotations` | annotations to add to the deployment | `{}` | +| `podAnnotations` | annotations to add to each pod | `{}` | +| `podLabels` | additional labels to add to each pod | `{}` | +| `podDisruptionBudget.enabled` | Enabled creation of PodDisruptionBudget (only if replicaCount > 1) | true | +| `podDisruptionBudget.maxUnavailable` | maxUnavailable parameter for PodDisruptionBudget, one of maxUnavailable and minAvailable must be null | null | +| `podDisruptionBudget.minAvailable` | minAvailable parameter for PodDisruptionBudget, one of maxUnavailable and minAvailable must be null | 1 | +| `podDisruptionBudget.unhealthyPodEvictionPolicy` | Policy for when unhealthy pods should be considered for eviction. 
Valid values are "IfHealthyBudget" and "AlwaysAllow". See [Kubernetes docs](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy) | `""` | +| `podSecurityContext` | Kubernetes security context to apply to pod | `{}` | +| `priorityClassName` | priorityClassName | `nil` | +| `readinessProbe.enabled` | enable Kubernetes readinessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true` | +| `readinessProbe.initialDelaySeconds` | number of seconds | 0 | +| `readinessProbe.timeoutSeconds` | number of seconds | 5 | +| `readinessProbe.periodSeconds` | number of seconds | 10 | +| `readinessProbe.successThreshold` | number of successes | 1 | +| `replicaCount` | desired number of pods | `1` | +| `resources` | pod resource requests & limits | `{}` | +| `resizePolicy` | Container resize policy for runtime resource updates. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/) | `[]` | +| `revisionHistoryLimit` | maximum number of revisions maintained | 10 | +| `service.portNumber` | port number for the service | `80` | +| `service.appProtocol` | application protocol on the port of the service | `http` | +| `service.externalTrafficPolicy` | denotes if the service desires to route external traffic to node-local or cluster-wide endpoints | `Cluster` | +| `service.internalTrafficPolicy` | denotes if the service desires to route internal traffic to node-local or cluster-wide endpoints | `Cluster` | +| `service.type` | type of service | `ClusterIP` | +| `service.clusterIP` | cluster ip address | `nil` | +| `service.loadBalancerIP` | ip of load balancer | `nil` | +| `service.loadBalancerSourceRanges` | allowed source ranges in load balancer | `nil` | +| `service.nodePort` | external port number for the service when service.type is `NodePort` | `nil` | +| `service.targetPort` | (optional) a numeric port number (e.g., 
80) or a port name defined in the pod's container(s) (e.g., http) | `""` | +| `service.ipDualStack.enabled` | enable IPv4/IPv6 dual-stack for the service | `false` | +| `service.ipDualStack.ipFamilies` | ip families for the service if IPv4/IPv6 dual-stack is enabled | `["IPv6", "IPv4"]` | +| `service.ipDualStack.ipFamilyPolicy` | ip family policy for the service if IPv4/IPv6 dual-stack is enabled | `"PreferDualStack"` | +| `service.trafficDistribution` | traffic distribution policy for the service. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution) | `""` | +| `serviceAccount.enabled` | create a service account | `true` | +| `serviceAccount.name` | the service account name | `` | +| `serviceAccount.annotations` | (optional) annotations for the service account | `{}` | +| `strategy` | configure deployment strategy | `{}` | +| `tolerations` | list of node taints to tolerate | `[]` | +| `securityContext.enabled` | enable Kubernetes security context on container | `true` | +| `proxyVarsAsSecrets` | Choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true` | +| `sessionStorage.type` | Session storage type which can be one of the following: `cookie` or `redis` | `cookie` | +| `sessionStorage.redis.existingSecret` | Name of the Kubernetes secret containing the Redis & Redis sentinel password values (see also `sessionStorage.redis.passwordKey`) | `""` | +| `sessionStorage.redis.password` | Redis password. Applicable for all Redis configurations. Taken from Redis subchart secret if not set. 
`sessionStorage.redis.existingSecret` takes precedence | `nil` | +| `sessionStorage.redis.passwordKey` | Key of the Kubernetes secret data containing the Redis password value | `redis-password` | +| `sessionStorage.redis.clientType` | Allows the user to select which type of client will be used for the Redis instance. Possible options are: `sentinel`, `cluster` or `standalone` | `standalone` | +| `sessionStorage.redis.standalone.connectionUrl` | URL of Redis standalone server for Redis session storage (e.g., `redis://HOST[:PORT]`). Automatically generated if not set. | `""` | +| `sessionStorage.redis.cluster.connectionUrls` | List of Redis cluster connection URLs (e.g., `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`) | `[]` | +| `sessionStorage.redis.sentinel.existingSecret` | Name of the Kubernetes secret containing the Redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret` | `""` | +| `sessionStorage.redis.sentinel.password` | Redis sentinel password. Used only for sentinel connection; any Redis node passwords need to use `sessionStorage.redis.password` | `nil` | +| `sessionStorage.redis.sentinel.passwordKey` | Key of the Kubernetes secret data containing the Redis sentinel password value | `redis-sentinel-password` | +| `sessionStorage.redis.sentinel.masterName` | Redis sentinel master name | `nil` | +| `sessionStorage.redis.sentinel.connectionUrls` | List of Redis sentinel connection URLs (e.g. 
`["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`) | `[]` | +| `topologySpreadConstraints` | List of pod topology spread constraints | `[]` | +| `redis.enabled` | Enable the Redis subchart deployment | `false` | +| `checkDeprecation` | Enable deprecation checks | `true` | +| `metrics.enabled` | Enable Prometheus metrics endpoint | `true` | +| `metrics.port` | Serve Prometheus metrics on this port | `44180` | +| `metrics.nodePort` | External port for the metrics when service.type is `NodePort` | `nil` | +| `metrics.service.appProtocol` | application protocol of the metrics port in the service | `http` | +| `metrics.serviceMonitor.enabled` | Enable Prometheus Operator ServiceMonitor | `false` | +| `metrics.serviceMonitor.namespace` | Define the namespace where to deploy the ServiceMonitor resource | `""` | +| `metrics.serviceMonitor.prometheusInstance` | Prometheus Instance definition | `default` | +| `metrics.serviceMonitor.interval` | Prometheus scrape interval | `60s` | +| `metrics.serviceMonitor.scrapeTimeout` | Prometheus scrape timeout | `30s` | +| `metrics.serviceMonitor.labels` | Add custom labels to the ServiceMonitor resource | `{}` | +| `metrics.serviceMonitor.scheme` | HTTP scheme for scraping. It can be used with `tlsConfig` for example, if using Istio mTLS. | `""` | +| `metrics.serviceMonitor.tlsConfig` | TLS configuration when scraping the endpoint. For example, if using Istio mTLS. | `{}` | +| `metrics.serviceMonitor.bearerTokenFile` | Path to bearer token file. | `""` | +| `metrics.serviceMonitor.annotations` | Used to pass annotations that are used by the Prometheus installed in your cluster | `{}` | +| `metrics.serviceMonitor.metricRelabelings` | Metric relabel configs to apply to samples before ingestion. | `[]` | +| `metrics.serviceMonitor.relabelings` | Relabel configs to apply to samples before ingestion. 
| `[]` | +| `extraObjects` | Extra K8s manifests to deploy | `[]` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release oauth2-proxy/oauth2-proxy \ + --set=image.tag=v0.0.2,resources.limits.cpu=200m +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release oauth2-proxy/oauth2-proxy -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## TLS Configuration + +See: [TLS Configuration](https://oauth2-proxy.github.io/oauth2-proxy/configuration/tls/). +Use ```values.yaml``` like: + +```yaml +... +extraArgs: + tls-cert-file: /path/to/cert.pem + tls-key-file: /path/to/cert.key + +extraVolumes: + - name: ssl-cert + secret: + secretName: my-ssl-secret + +extraVolumeMounts: + - mountPath: /path/to/ + name: ssl-cert +... +``` + +With a secret called `my-ssl-secret`: + +```yaml +... +data: + cert.pem: AB..== + cert.key: CD..== +``` + +## Extra environment variable templating +The extraEnv value supports the tpl function, which evaluates strings as templates inside the deployment template. +This is useful for passing a template string as a value to the chart's extra environment variables and rendering external configuration environment values. + +```yaml +... +tplValue: "This is a test value for the tpl function" +extraEnv: + - name: TEST_ENV_VAR_1 + value: test_value_1 + - name: TEST_ENV_VAR_2 + value: '{{ .Values.tplValue }}' +``` + +## Custom templates configuration +You can replace the default template files using a Kubernetes `configMap` volume. The default templates are the two files [sign_in.html](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/pkg/app/pagewriter/sign_in.html) and [error.html](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/pkg/app/pagewriter/error.html). 
+ +```yaml +config: + configFile: | + ... + custom_templates_dir = "/data/custom-templates" + +extraVolumes: + - name: custom-templates + configMap: + name: oauth2-proxy-custom-templates + +extraVolumeMounts: + - name: custom-templates + mountPath: "/data/custom-templates" + readOnly: true + +extraObjects: + - apiVersion: v1 + kind: ConfigMap + metadata: + name: oauth2-proxy-custom-templates + data: + sign_in.html: | + + + sign_in + + error.html: | + + + +

error

+

{{`{{ .StatusCode }}`}}

+ + +``` + +## Multi whitelist-domain configuration +You must use the config.configFile section for a multi-whitelist-domain configuration for one Oauth2-proxy instance. + +It will be overwriting the `/etc/oauth2_proxy/oauth2_proxy.cfg` [configuration file](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#config-file). +In this example, Google provider is used, but you can find all other provider configurations here [oauth_provider](https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/). + +``` +config: + ... + clientID="$YOUR_GOOGLE_CLIENT_ID" + clientSecret="$YOUR_GOOGLE_CLIENT_SECRET" + cookieSecret="$YOUR_COOKIE_SECRET" + configFile: | + ... + email_domains = [ "*" ] + upstreams = [ "file:///dev/null" ] + cookie_secure = "false" + cookie_domains = [ ".domain.com", ".example.io" ] + whitelist_domains = [ ".domain.com", ".example.io"] + provider = "google" +``` + +## Route requests to sidecar container +You can route requests to a sidecar container first by setting the `service.targetPort` variable. The possible values for the targetPort field of a Kubernetes Service can be either a port number or the name of a port defined in the pod. By default, the service's `targetPort` value equals to `httpSchema`'s. diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy-8.2.0.tgz b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy-8.2.0.tgz new file mode 100644 index 00000000..e424bc0f Binary files /dev/null and b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy-8.2.0.tgz differ diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/.helmignore b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/.helmignore new file mode 100644 index 00000000..825c0077 --- /dev/null +++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/.helmignore 
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+OWNERS
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.lock b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.lock
new file mode 100644
index 00000000..1ac55e23
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: redis-ha
+ repository: https://dandydeveloper.github.io/charts
+ version: 4.33.8
+digest: sha256:99abe093ebc97b930cad234e3bce566bb55e11ed0b2324e195d9783aaf5d1ace
+generated: "2025-08-13T08:08:37.645426006+02:00"
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.yaml
new file mode 100644
index 00000000..e5343cb0
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.yaml
@@ -0,0 +1,39 @@
+annotations:
+ artifacthub.io/changes: |
+ - kind: added
+ description: Add support for new container resize policy feature
+ links:
+ - name: Github PR
+ url: https://github.com/oauth2-proxy/manifests/pull/346
+apiVersion: v2
+appVersion: 7.12.0
+dependencies:
+- alias: redis
+ condition: redis.enabled
+ name: redis-ha
+ repository: https://dandydeveloper.github.io/charts
+ version: 4.33.8
+description: A reverse proxy that provides authentication with Google, Github or other
+ providers
+home: https://oauth2-proxy.github.io/oauth2-proxy/
+keywords:
+- kubernetes
+- oauth
+- oauth2
+- authentication
+- google
+- github
+- redis
+kubeVersion: '>=1.16.0-0'
+maintainers:
+- email: pierluigi.lenoci@gmail.com
+ name: pierluigilenoci
+- email: jan@larwig.com
+ name: tuunit
+- email: joel.speed@hotmail.co.uk
+ name: JoelSpeed
+name: oauth2-proxy
+sources:
+- https://github.com/oauth2-proxy/oauth2-proxy
+- https://github.com/oauth2-proxy/manifests
+version: 8.2.0
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/README.md b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/README.md
new file mode 100644
index 00000000..fe13f75e
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/README.md
@@ -0,0 +1,380 @@ +# oauth2-proxy + +[oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by e-mail, domain, or group. + +## TL;DR; + +```console +$ helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests +$ helm install my-release oauth2-proxy/oauth2-proxy +``` + +## Introduction + +This chart bootstraps an oauth2-proxy deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install my-release oauth2-proxy/oauth2-proxy +``` + +The command deploys oauth2-proxy on the Kubernetes cluster in the default configuration. +The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm uninstall my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates an incompatible breaking change needing manual actions. + +### To 1.0.0 + +This version upgrades oauth2-proxy to v4.0.0. To upgrade, please see the [changelog](https://github.com/oauth2-proxy/oauth2-proxy/blob/v4.0.0/CHANGELOG.md#v400). + +### To 2.0.0 + +Version 2.0.0 of this chart introduces support for Kubernetes v1.16.x by addressing the Deployment object apiVersion `apps/v1beta2` deprecation. +See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information. + +Due to [this issue](https://github.com/helm/helm/issues/6583), errors may occur when performing a `helm upgrade` of this chart from versions earlier than 2.0.0. 
+ +### To 3.0.0 + +Version 3.0.0 introduces support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart. +This is a breaking change since the service account is enabled by default. +To disable this behaviour set `serviceAccount.enabled` to `false` + +### To 4.0.0 + +Version 4.0.0 adds support for the new Ingress apiVersion **networking.k8s.io/v1**. +Therefore, the `ingress.extraPaths` parameter must be updated to the new format. +See the [v1.22 API deprecations guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122) for more information. + +For the same reason `service.port` was renamed to `service.portNumber`. + +### To 5.0.0 + +Version 5.0.0 introduces support for custom labels and refactor [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). +This is a breaking change because many labels of all resources need to be updated to stay consistent. + +In order to upgrade, delete the Deployment before upgrading: + +```bash +kubectl delete deployment my-release-oauth2-proxy +``` + +This will introduce a slight downtime. + +For users who don't want downtime, you can perform these actions: + +- Perform a non-cascading removal of the deployment that keeps the pods running +- Add new labels to pods +- Perform `helm upgrade` + +### To 6.0.0 + +Version 6.0.0 bumps the version of the Redis subchart from ~10.6.0 to ~16.4.0. +You probably need to adjust your Redis configuration. +See [here](https://github.com/bitnami/charts/tree/master/bitnami/redis#upgrading) for detailed upgrade instructions. + +### To 7.0.0 + +Version 7.0.0 introduces a new implementation to support multiple hostAliases. +You probably need to adjust your hostAliases config. +See [here](https://github.com/oauth2-proxy/manifests/pull/164/) for detailed information. 
+ +### To 8.0.0 - Bitnami 💀 + +Version 8.0.0 removes the dependency on the Bitnami Redis subchart and replaces it with the `dandydeveloper/redis-ha` chart. Therefore this version introduces a breaking change to the redis subchart deployment configuration. Please refer to the official [redis-ha repository](https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha) for details. Furthermore, you can reference the redis CI test value files we use [here](https://github.com/oauth2-proxy/manifests/tree/main/helm/oauth2-proxy/ci). + +Furthermore, you can read up on why this change was necessary in [Breaking changes in Bitnami Catalog #323](https://github.com/oauth2-proxy/manifests/issues/323) + + +## Configuration + +The following table lists the configurable parameters of the oauth2-proxy chart and their default values. + +| Parameter | Description | Default | +| ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | +| `affinity` | node/pod affinities | None | +| `authenticatedEmailsFile.enabled` | Enables authorize individual e-mail addresses | `false` | +| `authenticatedEmailsFile.persistence` | Defines how the e-mail addresses file will be projected, via a configmap or secret | `configmap` | +| `authenticatedEmailsFile.template` | Name of the configmap or secret that is handled outside of that chart | `""` | +| `authenticatedEmailsFile.restrictedUserAccessKey` | The key of the configmap or secret that holds the e-mail addresses list | `""` | +| `authenticatedEmailsFile.restricted_access` | [e-mail addresses](https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/#email-authentication) 
list config | `""` | +| `authenticatedEmailsFile.annotations` | configmap or secret annotations | `nil` | +| `config.clientID` | oauth client ID | `""` | +| `config.clientSecret` | oauth client secret | `""` | +| `config.cookieSecret` | server specific cookie for the secret; create a new one with `openssl rand -base64 32 \| head -c 32 \| base64` | `""` | +| `config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [oauth2-proxy.secrets helper](https://github.com/oauth2-proxy/manifests/blob/main/helm/oauth2-proxy/templates/_helpers.tpl#L157C13-L157C33) for the required values | `nil` | +| `config.configFile` | custom [oauth2_proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/contrib/oauth2-proxy.cfg.example) contents for settings not overridable via environment nor command line | `""` | +| `config.existingConfig` | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap.yaml) for the required values | `nil` | +| `config.cookieName` | The name of the cookie that oauth2-proxy will create. | `""` | +| `autoscaling.enabled` | Deploy a Horizontal Pod Autoscaler. | `false` | +| `autoscaling.minReplicas` | Minimum replicas for the Horizontal Pod Autoscaler. | `1` | +| `autoscaling.maxReplicas` | Maximum replicas for the Horizontal Pod Autoscaler. | `10` | +| `autoscaling.targetCPUUtilizationPercentage` | Horizontal Pod Autoscaler setting. | `80` | +| `autoscaling.targetMemoryUtilizationPercentage` | Horizontal Pod Autoscaler setting. | `` | +| `autoscaling.annotations` | Horizontal Pod Autoscaler annotations. | `{}` | +| `autoscaling.behavior` | Configure HPA behavior policies for scaling. 
See [docs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configuring-scaling-behavior) | `{}` | +| `alphaConfig.enabled` | Flag to toggle any alpha config-related logic | `false` | +| `alphaConfig.annotations` | Configmap annotations | `{}` | +| `alphaConfig.serverConfigData` | Arbitrary configuration data to append to the server section | `{}` | +| `alphaConfig.metricsConfigData` | Arbitrary configuration data to append to the metrics section | `{}` | +| `alphaConfig.configData` | Arbitrary configuration data to append | `{}` | +| `alphaConfig.configFile` | Arbitrary configuration to append, treated as a Go template and rendered with the root context | `""` | +| `alphaConfig.existingConfig` | existing Kubernetes configmap to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret-alpha.yaml) for the required values | `nil` | +| `alphaConfig.existingSecret` | existing Kubernetes secret to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret-alpha.yaml) for the required values | `nil` | +| `customLabels` | Custom labels to add into metadata | `{}` | +| `config.google.adminEmail` | user impersonated by the Google service account | `""` | +| `config.google.useApplicationDefaultCredentials` | use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account JSON | `false` | +| `config.google.targetPrincipal` | service account to use/impersonate | `""` | +| `config.google.serviceAccountJson` | Google service account JSON contents | `""` | +| `config.google.existingConfig` | existing Kubernetes configmap to use for the service account file. 
See [Google secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/google-secret.yaml) for the required values | `nil` | +| `config.google.groups` | restrict logins to members of these Google groups | `[]` | +| `containerPort` | used to customize port on the deployment | `""` | +| `enableServiceLinks` | configure deployment enableServiceLinks | `true` | +| `extraArgs` | Extra arguments to give the binary. Either as a map with key:value pairs or as a list type, which allows the same flag to be configured multiple times. (e.g. `["--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_A", "--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_B"]`). | `{}` or `[]` | +| `extraContainers` | List of extra containers to be added to the pod | `[]` | +| `extraInitContainers` | List of extra initContainers to be added to the pod | `[]` | +| `extraEnv` | key:value list of extra environment variables to give the binary | `[]` | +| `extraVolumes` | list of extra volumes | `[]` | +| `extraVolumeMounts` | list of extra volumeMounts | `[]` | +| `hostAliases` | hostAliases is a list of aliases to be added to /etc/hosts for network name resolution. | | +| `htpasswdFile.enabled` | enable htpasswd-file option | `false` | +| `htpasswdFile.entries` | list of [encrypted user:passwords](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#command-line-options) | `{}` | +| `htpasswdFile.existingSecret` | existing Kubernetes secret to use for OAuth2 htpasswd file | `""` | +| `httpScheme` | `http` or `https`. `name` used for the port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service. 
| `http` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.command` | Define command to be executed by container at startup | `[]` | +| `image.repository` | Image repository | `quay.io/oauth2-proxy/oauth2-proxy` | +| `image.tag` | Image tag | `""` (defaults to appVersion) | +| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `ingress.enabled` | Enable Ingress | `false` | +| `ingress.className` | name referencing IngressClass | `nil` | +| `ingress.path` | Ingress accepted path | `/` | +| `ingress.pathType` | Ingress [path type](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) | `ImplementationSpecific` | +| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/annotations/). | `[]` | +| `ingress.labels` | Ingress extra labels | `{}` | +| `ingress.annotations` | Ingress annotations | `nil` | +| `ingress.hosts` | Ingress accepted hostnames | `nil` | +| `ingress.tls` | Ingress TLS configuration | `nil` | +| `initContainers.waitForRedis.enabled` | If `redis.enabled` is true, use an init container to wait for the Redis master pod to be ready. 
If `serviceAccount.enabled` is true, create additionally a role/binding to get, list, and watch the Redis master pod | `true` | +| `initContainers.waitForRedis.image.pullPolicy` | kubectl image pull policy | `IfNotPresent` | +| `initContainers.waitForRedis.image.repository` | kubectl image repository | `docker.io/bitnami/kubectl` | +| `initContainers.waitForRedis.kubectlVersion` | kubectl version to use for the init container | `printf "%s.%s" .Capabilities.KubeVersion.Major (.Capabilities.KubeVersion.Minor \| replace "+" "")` | +| `initContainers.waitForRedis.securityContext.enabled` | enable Kubernetes security context on container | `true` | +| `initContainers.waitForRedis.timeout` | number of seconds | 180 | +| `initContainers.waitForRedis.resources` | pod resource requests & limits | `{}` | +| `livenessProbe.enabled` | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true` | +| `livenessProbe.initialDelaySeconds` | number of seconds | 0 | +| `livenessProbe.timeoutSeconds` | number of seconds | 1 | +| `namespaceOverride` | Override the deployment namespace | `""` | +| `nodeSelector` | node labels for pod assignment | `{}` | +| `deploymentAnnotations` | annotations to add to the deployment | `{}` | +| `podAnnotations` | annotations to add to each pod | `{}` | +| `podLabels` | additional labels to add to each pod | `{}` | +| `podDisruptionBudget.enabled` | Enabled creation of PodDisruptionBudget (only if replicaCount > 1) | true | +| `podDisruptionBudget.maxUnavailable` | maxUnavailable parameter for PodDisruptionBudget, one of maxUnavailable and minAvailable must be null | null | +| `podDisruptionBudget.minAvailable` | minAvailable parameter for PodDisruptionBudget, one of maxUnavailable and minAvailable must be null | 1 | +| `podDisruptionBudget.unhealthyPodEvictionPolicy` | Policy for when unhealthy pods should be considered for eviction. 
Valid values are "IfHealthyBudget" and "AlwaysAllow". See [Kubernetes docs](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy) | `""` | +| `podSecurityContext` | Kubernetes security context to apply to pod | `{}` | +| `priorityClassName` | priorityClassName | `nil` | +| `readinessProbe.enabled` | enable Kubernetes readinessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true` | +| `readinessProbe.initialDelaySeconds` | number of seconds | 0 | +| `readinessProbe.timeoutSeconds` | number of seconds | 5 | +| `readinessProbe.periodSeconds` | number of seconds | 10 | +| `readinessProbe.successThreshold` | number of successes | 1 | +| `replicaCount` | desired number of pods | `1` | +| `resources` | pod resource requests & limits | `{}` | +| `resizePolicy` | Container resize policy for runtime resource updates. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/) | `[]` | +| `revisionHistoryLimit` | maximum number of revisions maintained | 10 | +| `service.portNumber` | port number for the service | `80` | +| `service.appProtocol` | application protocol on the port of the service | `http` | +| `service.externalTrafficPolicy` | denotes if the service desires to route external traffic to node-local or cluster-wide endpoints | `Cluster` | +| `service.internalTrafficPolicy` | denotes if the service desires to route internal traffic to node-local or cluster-wide endpoints | `Cluster` | +| `service.type` | type of service | `ClusterIP` | +| `service.clusterIP` | cluster ip address | `nil` | +| `service.loadBalancerIP` | ip of load balancer | `nil` | +| `service.loadBalancerSourceRanges` | allowed source ranges in load balancer | `nil` | +| `service.nodePort` | external port number for the service when service.type is `NodePort` | `nil` | +| `service.targetPort` | (optional) a numeric port number (e.g., 
80) or a port name defined in the pod's container(s) (e.g., http) | `""` | +| `service.ipDualStack.enabled` | enable IPv4/IPv6 dual-stack for the service | `false` | +| `service.ipDualStack.ipFamilies` | ip families for the service if IPv4/IPv6 dual-stack is enabled | `["IPv6", "IPv4"]` | +| `service.ipDualStack.ipFamilyPolicy` | ip family policy for the service if IPv4/IPv6 dual-stack is enabled | `"PreferDualStack"` | +| `service.trafficDistribution` | traffic distribution policy for the service. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution) | `""` | +| `serviceAccount.enabled` | create a service account | `true` | +| `serviceAccount.name` | the service account name | `` | +| `serviceAccount.annotations` | (optional) annotations for the service account | `{}` | +| `strategy` | configure deployment strategy | `{}` | +| `tolerations` | list of node taints to tolerate | `[]` | +| `securityContext.enabled` | enable Kubernetes security context on container | `true` | +| `proxyVarsAsSecrets` | Choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true` | +| `sessionStorage.type` | Session storage type which can be one of the following: `cookie` or `redis` | `cookie` | +| `sessionStorage.redis.existingSecret` | Name of the Kubernetes secret containing the Redis & Redis sentinel password values (see also `sessionStorage.redis.passwordKey`) | `""` | +| `sessionStorage.redis.password` | Redis password. Applicable for all Redis configurations. Taken from Redis subchart secret if not set. 
`sessionStorage.redis.existingSecret` takes precedence | `nil` | +| `sessionStorage.redis.passwordKey` | Key of the Kubernetes secret data containing the Redis password value | `redis-password` | +| `sessionStorage.redis.clientType` | Allows the user to select which type of client will be used for the Redis instance. Possible options are: `sentinel`, `cluster` or `standalone` | `standalone` | +| `sessionStorage.redis.standalone.connectionUrl` | URL of Redis standalone server for Redis session storage (e.g., `redis://HOST[:PORT]`). Automatically generated if not set. | `""` | +| `sessionStorage.redis.cluster.connectionUrls` | List of Redis cluster connection URLs (e.g., `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`) | `[]` | +| `sessionStorage.redis.sentinel.existingSecret` | Name of the Kubernetes secret containing the Redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret` | `""` | +| `sessionStorage.redis.sentinel.password` | Redis sentinel password. Used only for sentinel connection; any Redis node passwords need to use `sessionStorage.redis.password` | `nil` | +| `sessionStorage.redis.sentinel.passwordKey` | Key of the Kubernetes secret data containing the Redis sentinel password value | `redis-sentinel-password` | +| `sessionStorage.redis.sentinel.masterName` | Redis sentinel master name | `nil` | +| `sessionStorage.redis.sentinel.connectionUrls` | List of Redis sentinel connection URLs (e.g. 
`["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`) | `[]` | +| `topologySpreadConstraints` | List of pod topology spread constraints | `[]` | +| `redis.enabled` | Enable the Redis subchart deployment | `false` | +| `checkDeprecation` | Enable deprecation checks | `true` | +| `metrics.enabled` | Enable Prometheus metrics endpoint | `true` | +| `metrics.port` | Serve Prometheus metrics on this port | `44180` | +| `metrics.nodePort` | External port for the metrics when service.type is `NodePort` | `nil` | +| `metrics.service.appProtocol` | application protocol of the metrics port in the service | `http` | +| `metrics.serviceMonitor.enabled` | Enable Prometheus Operator ServiceMonitor | `false` | +| `metrics.serviceMonitor.namespace` | Define the namespace where to deploy the ServiceMonitor resource | `""` | +| `metrics.serviceMonitor.prometheusInstance` | Prometheus Instance definition | `default` | +| `metrics.serviceMonitor.interval` | Prometheus scrape interval | `60s` | +| `metrics.serviceMonitor.scrapeTimeout` | Prometheus scrape timeout | `30s` | +| `metrics.serviceMonitor.labels` | Add custom labels to the ServiceMonitor resource | `{}` | +| `metrics.serviceMonitor.scheme` | HTTP scheme for scraping. It can be used with `tlsConfig` for example, if using Istio mTLS. | `""` | +| `metrics.serviceMonitor.tlsConfig` | TLS configuration when scraping the endpoint. For example, if using Istio mTLS. | `{}` | +| `metrics.serviceMonitor.bearerTokenFile` | Path to bearer token file. | `""` | +| `metrics.serviceMonitor.annotations` | Used to pass annotations that are used by the Prometheus installed in your cluster | `{}` | +| `metrics.serviceMonitor.metricRelabelings` | Metric relabel configs to apply to samples before ingestion. | `[]` | +| `metrics.serviceMonitor.relabelings` | Relabel configs to apply to samples before ingestion. 
| `[]` | +| `extraObjects` | Extra K8s manifests to deploy | `[]` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release oauth2-proxy/oauth2-proxy \ + --set=image.tag=v0.0.2,resources.limits.cpu=200m +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release oauth2-proxy/oauth2-proxy -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## TLS Configuration + +See: [TLS Configuration](https://oauth2-proxy.github.io/oauth2-proxy/configuration/tls/). +Use ```values.yaml``` like: + +```yaml +... +extraArgs: + tls-cert-file: /path/to/cert.pem + tls-key-file: /path/to/cert.key + +extraVolumes: + - name: ssl-cert + secret: + secretName: my-ssl-secret + +extraVolumeMounts: + - mountPath: /path/to/ + name: ssl-cert +... +``` + +With a secret called `my-ssl-secret`: + +```yaml +... +data: + cert.pem: AB..== + cert.key: CD..== +``` + +## Extra environment variable templating +The extraEnv value supports the tpl function, which evaluates strings as templates inside the deployment template. +This is useful for passing a template string as a value to the chart's extra environment variables and rendering external configuration environment values. + +```yaml +... +tplValue: "This is a test value for the tpl function" +extraEnv: + - name: TEST_ENV_VAR_1 + value: test_value_1 + - name: TEST_ENV_VAR_2 + value: '{{ .Values.tplValue }}' +``` + +## Custom templates configuration +You can replace the default template files using a Kubernetes `configMap` volume. The default templates are the two files [sign_in.html](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/pkg/app/pagewriter/sign_in.html) and [error.html](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/pkg/app/pagewriter/error.html). 
+ +```yaml +config: + configFile: | + ... + custom_templates_dir = "/data/custom-templates" + +extraVolumes: + - name: custom-templates + configMap: + name: oauth2-proxy-custom-templates + +extraVolumeMounts: + - name: custom-templates + mountPath: "/data/custom-templates" + readOnly: true + +extraObjects: + - apiVersion: v1 + kind: ConfigMap + metadata: + name: oauth2-proxy-custom-templates + data: + sign_in.html: | + + + sign_in + + error.html: | + + + +

error

+

{{`{{ .StatusCode }}`}}

+
+
+```
+
+## Multi whitelist-domain configuration
+You must use the config.configFile section for a multi-whitelist-domain configuration for one Oauth2-proxy instance.
+
+It will be overwriting the `/etc/oauth2_proxy/oauth2_proxy.cfg` [configuration file](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#config-file).
+In this example, Google provider is used, but you can find all other provider configurations here [oauth_provider](https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/).
+
+```
+config:
+ ...
+ clientID="$YOUR_GOOGLE_CLIENT_ID"
+ clientSecret="$YOUR_GOOGLE_CLIENT_SECRET"
+ cookieSecret="$YOUR_COOKIE_SECRET"
+ configFile: |
+ ...
+ email_domains = [ "*" ]
+ upstreams = [ "file:///dev/null" ]
+ cookie_secure = "false"
+ cookie_domains = [ ".domain.com", ".example.io" ]
+ whitelist_domains = [ ".domain.com", ".example.io"]
+ provider = "google"
+```
+
+## Route requests to sidecar container
+You can route requests to a sidecar container first by setting the `service.targetPort` variable. The possible values for the targetPort field of a Kubernetes Service can be either a port number or the name of a port defined in the pod. By default, the service's `targetPort` value equals to `httpSchema`'s.
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/.helmignore b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/.helmignore
new file mode 100644
index 00000000..ee9c40f0
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+ci/
+*.gotmpl
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/Chart.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/Chart.yaml
new file mode 100644
index 00000000..4622e91f
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+appVersion: 7.2.7
+description: This Helm chart provides a highly available Redis implementation with
+ a master/slave configuration and uses Sentinel sidecars for failover management
+home: http://redis.io/
+icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png
+keywords:
+- redis
+- keyvalue
+- database
+maintainers:
+- email: aaron.layfield@gmail.com
+ name: dandydeveloper
+name: redis-ha
+sources:
+- https://redis.io/download
+- https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha
+- https://github.com/oliver006/redis_exporter
+version: 4.33.8
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/README.md b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/README.md
new file mode 100644
index 00000000..e1562b08
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/README.md
@@ -0,0 +1,485 @@
+# Redis
+
+[Redis](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs.
+
+## TL;DR
+
+```bash
+helm repo add dandydev https://dandydeveloper.github.io/charts
+helm install dandydev/redis-ha
+```
+
+By default this chart install 3 pods total:
+
+* one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available)
+* two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available)
+
+## Introduction
+
+This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager.
+
+## Prerequisites
+
+* Kubernetes 1.8+ with Beta APIs enabled
+* PV provisioner support in the underlying infrastructure
+
+## Upgrading the Chart
+
+Please note that there have been a number of changes simplifying the redis management strategy (for better failover and elections) in the 3.x version of this chart. These changes allow the use of official [redis](https://hub.docker.com/_/redis/) images that do not require special RBAC or ServiceAccount roles. As a result when upgrading from version >=2.0.1 to >=3.0.0 of this chart, `Role`, `RoleBinding`, and `ServiceAccount` resources should be deleted manually.
+
+### Upgrading the chart from 3.x to 4.x
+
+Starting from version `4.x` HAProxy sidecar prometheus-exporter removed and replaced by the embedded [HAProxy metrics endpoint](https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter), as a result when upgrading from version 3.x to 4.x section `haproxy.exporter` should be removed and the `haproxy.metrics` need to be configured for fit your needs.
+ +## Installing the Chart + +To install the chart + +```bash +helm repo add dandydev https://dandydeveloper.github.io/charts +helm install dandydev/redis-ha +``` + +The command deploys Redis on the Kubernetes cluster in the default configuration. By default this chart install one master pod containing redis master container and sentinel container along with 2 redis slave pods each containing their own sentinel sidecars. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the deployment: + +```bash +helm delete +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the Redis chart and their default values. + +### General parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `additionalAffinities` | Additional affinities to add to the Redis server pods. # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | object | `{}` | +| `affinity` | Override all other affinity settings for the Redis server pods with a string. | string | `""` | +| `auth` | Configures redis with AUTH (requirepass & masterauth conf params) | bool | `false` | +| `authKey` | Defines the key holding the redis password in existing secret. | string | `"auth"` | +| `configmap.labels` | Custom labels for the redis configmap | object | `{}` | +| `configmapTest.image` | Image for redis-ha-configmap-test hook | object | `{"repository":"koalaman/shellcheck","tag":"v0.10.0"}` | +| `configmapTest.image.repository` | Repository of the configmap shellcheck test image. | string | `"koalaman/shellcheck"` | +| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. 
| string | `"v0.10.0"` | +| `configmapTest.resources` | Resources for the ConfigMap test pod | object | `{}` | +| `containerSecurityContext` | Security context to be added to the Redis containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` | +| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | object | `{}` | +| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) | string | `nil` | +| `extraContainers` | Extra containers to include in StatefulSet | list | `[]` | +| `extraInitContainers` | Extra init containers to include in StatefulSet | list | `[]` | +| `extraLabels` | Labels added here are applied to all created resources | object | `{}` | +| `extraVolumes` | Extra volumes to include in StatefulSet | list | `[]` | +| `fullnameOverride` | Full name of the Redis HA Resources | string | `""` | +| `global.compatibility` | Openshift compatibility options | object | `{"openshift":{"adaptSecurityContext":"auto"}}` | +| `global.priorityClassName` | Default priority class for all components | string | `""` | +| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. # This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred. 
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature | bool | `true` | +| `hostPath.chown` | if chown is true, an init-container with root permissions is launched to change the owner of the hostPath folder to the user defined in the security context | bool | `true` | +| `hostPath.path` | Use this path on the host for data storage. path is evaluated as template so placeholders are replaced | string | `""` | +| `image.pullPolicy` | Redis image pull policy | string | `"IfNotPresent"` | +| `image.repository` | Redis image repository | string | `"public.ecr.aws/docker/library/redis"` | +| `image.tag` | Redis image tag | string | `"7.2.7-alpine"` | +| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | list | `[]` | +| `init.resources` | Extra init resources | object | `{}` | +| `labels` | Custom labels for the redis pod | object | `{}` | +| `nameOverride` | Name override for Redis HA resources | string | `""` | +| `networkPolicy.annotations` | Annotations for NetworkPolicy | object | `{}` | +| `networkPolicy.egressRules` | user can define egress rules too, uses the same structure as ingressRules | list | `[{"ports":[{"port":53,"protocol":"UDP"},{"port":53,"protocol":"TCP"}],"selectors":[{"namespaceSelector":{}},{"ipBlock":{"cidr":"169.254.0.0/16"}}]}]` | +| `networkPolicy.egressRules[0].selectors[0]` | Allow all destinations for DNS traffic | object | `{"namespaceSelector":{}}` | +| `networkPolicy.enabled` | whether NetworkPolicy for Redis StatefulSets should be created. when enabled, inter-Redis connectivity is created | bool | `false` | +| `networkPolicy.ingressRules` | User defined ingress rules that Redis should permit into. 
Uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | list | `[]` | +| `networkPolicy.labels` | Labels for NetworkPolicy | object | `{}` | +| `nodeSelector` | Node labels for pod assignment | object | `{}` | +| `persistentVolume.accessModes` | Persistent volume access modes | list | `["ReadWriteOnce"]` | +| `persistentVolume.annotations` | Annotations for the volume | object | `{}` | +| `persistentVolume.enabled` | Enable persistent volume | bool | `true` | +| `persistentVolume.labels` | Labels for the volume | object | `{}` | +| `persistentVolume.size` | Persistent volume size | string | `"10Gi"` | +| `persistentVolume.storageClass` | redis-ha data Persistent Volume Storage Class | string | `nil` | +| `podDisruptionBudget` | Pod Disruption Budget rules | object | `{}` | +| `podManagementPolicy` | The statefulset pod management policy | string | `"OrderedReady"` | +| `priorityClassName` | Kubernetes priorityClass name for the redis-ha-server pod | string | `""` | +| `rbac.create` | Create and use RBAC resources | bool | `true` | +| `redis.annotations` | Annotations for the redis statefulset | object | `{}` | +| `redis.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" | string | `""` | +| `redis.config` | Any valid redis config options in this section will be applied to each server, For multi-value configs use list instead of string (for example loadmodule) (see below) | object | see values.yaml | +| `redis.config.maxmemory` | Max memory to use for each redis instance. Default is unlimited. | string | `"0"` | +| `redis.config.maxmemory-policy` | Max memory policy to use for each redis instance. Default is volatile-lru. 
| string | `"volatile-lru"` | +| `redis.config.min-replicas-max-lag` | Value in seconds | int | `5` | +| `redis.config.repl-diskless-sync` | When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false. | string | `"yes"` | +| `redis.config.save` | Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication. | string | `"900 1"` | +| `redis.customArgs` | Allows overriding the redis container arguments | list | `[]` | +| `redis.customCommand` | Allows overriding the redis container command | list | `[]` | +| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored | string | `nil` | +| `redis.disableCommands` | Array with commands to disable | list | `["FLUSHDB","FLUSHALL"]` | +| `redis.envFrom` | Load environment variables from ConfigMap/Secret | list | `[]` | +| `redis.extraVolumeMounts` | additional volumeMounts for Redis container | list | `[]` | +| `redis.lifecycle` | Container Lifecycle Hooks for redis container Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | see values.yaml | +| `redis.livenessProbe` | Liveness probe parameters for redis container | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` | +| `redis.livenessProbe.enabled` | Enable the Liveness Probe | bool | `true` | +| `redis.livenessProbe.failureThreshold` | Failure threshold for liveness probe | int | `5` | +| `redis.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | int | `30` | +| `redis.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` | +| `redis.livenessProbe.successThreshold` | Success threshold for liveness probe | int | `1` | +| 
`redis.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | int | `15` | +| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | string | `"mymaster"` | +| `redis.port` | Port to access the redis service | int | `6379` | +| `redis.readinessProbe` | Readiness probe parameters for redis container | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` | +| `redis.readinessProbe.enabled` | Enable the Readiness Probe | bool | `true` | +| `redis.readinessProbe.failureThreshold` | Failure threshold for readiness probe | int | `5` | +| `redis.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | int | `30` | +| `redis.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` | +| `redis.readinessProbe.successThreshold` | Success threshold for readiness probe | int | `1` | +| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | int | `15` | +| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | object | `{}` | +| `redis.startupProbe` | Startup probe parameters for redis container | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":15}` | +| `redis.startupProbe.enabled` | Enable Startup Probe | bool | `true` | +| `redis.startupProbe.failureThreshold` | Failure threshold for startup probe | int | `3` | +| `redis.startupProbe.initialDelaySeconds` | Initial delay in seconds for startup probe | int | `5` | +| `redis.startupProbe.periodSeconds` | Period in seconds after which startup probe will be repeated | int | `10` | +| `redis.startupProbe.successThreshold` | Success threshold for startup probe | int | `1` | +| `redis.startupProbe.timeoutSeconds` | Timeout seconds for startup probe | int | `15` | +| 
`redis.terminationGracePeriodSeconds` | Increase terminationGracePeriodSeconds to allow writing large RDB snapshots. (k8s default is 30s) ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced | int | `60` | +| `redis.tlsPort` | TLS Port to access the redis service | int | `nil` | +| `redis.tlsReplication` | Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf | bool | `nil` | +| `redis.updateStrategy` | Update strategy for Redis StatefulSet # ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies | object | `{"type":"RollingUpdate"}` | +| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) | string | `nil` | +| `replicas` | Number of redis master/slave | int | `3` | +| `restore.existingSecret` | Set existingSecret to true to use secret specified in existingSecret above | bool | `false` | +| `restore.s3.access_key` | Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source | string | `""` | +| `restore.s3.region` | Restore init container - AWS AWS_REGION to access restore.s3.source | string | `""` | +| `restore.s3.secret_key` | Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source | string | `""` | +| `restore.s3.source` | Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb or false | string | `""` | +| `restore.ssh.key` | Restore init container - SSH private key to scp restore.ssh.source to init container. Key should be in one line separated with \n. i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----` | string | `""` | +| `restore.ssh.source` | Restore init container - SSH scp location of dump - i.e. 
user@server:/path/dump.rdb or false | string | `""` | +| `restore.timeout` | Timeout for the restore | int | `600` | +| `ro_replicas` | Comma separated list of slaves which never get promoted to be master. Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0. | string | `""` | +| `schedulerName` | Use an alternate scheduler, e.g. "stork". ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | string | `""` | +| `securityContext` | Security context to be added to the Redis StatefulSet. | object | `{"fsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | +| `serviceAccount.annotations` | Annotations to be added to the service account for the redis statefulset | object | `{}` | +| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `true` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | bool | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. 
If not set and create is true, a name is generated using the redis-ha.fullname template | string | `""` | +| `serviceLabels` | Custom labels for redis service | object | `{}` | +| `splitBrainDetection.interval` | Interval between redis sentinel and server split brain checks (in seconds) | int | `60` | +| `splitBrainDetection.resources` | splitBrainDetection resources | object | `{}` | +| `sysctlImage.command` | sysctlImage command to execute | list | `[]` | +| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | bool | `false` | +| `sysctlImage.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | bool | `false` | +| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | string | `"Always"` | +| `sysctlImage.registry` | sysctlImage Init container registry | string | `"public.ecr.aws/docker/library"` | +| `sysctlImage.repository` | sysctlImage Init container name | string | `"busybox"` | +| `sysctlImage.resources` | sysctlImage resources | object | `{}` | +| `sysctlImage.tag` | sysctlImage Init container tag | string | `"1.34.1"` | +| `tls.caCertFile` | Name of CA certificate file | string | `"ca.crt"` | +| `tls.certFile` | Name of certificate file | string | `"redis.crt"` | +| `tls.dhParamsFile` | Name of Diffie-Hellman (DH) key exchange parameters file (Example: redis.dh) | string | `nil` | +| `tls.keyFile` | Name of key file | string | `"redis.key"` | +| `topologySpreadConstraints.enabled` | Enable topology spread constraints | bool | `false` | +| `topologySpreadConstraints.maxSkew` | Max skew of pods tolerated | string | `""` | +| `topologySpreadConstraints.topologyKey` | Topology key for spread constraints | string | `""` | +| `topologySpreadConstraints.whenUnsatisfiable` | Enforcement policy, hard or soft | string | `""` | + +### Redis Sentinel parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `sentinel.auth` | Enables or disables sentinel AUTH (Requires 
`sentinel.password` to be set) | bool | `false` | +| `sentinel.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" | string | `""` | +| `sentinel.authKey` | The key holding the sentinel password in an existing secret. | string | `"sentinel-password"` | +| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | object | see values.yaml | +| `sentinel.customArgs` | | list | `[]` | +| `sentinel.customCommand` | | list | `[]` | +| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored | string | `""` | +| `sentinel.existingSecret` | An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`) | string | `""` | +| `sentinel.extraVolumeMounts` | additional volumeMounts for Sentinel container | list | `[]` | +| `sentinel.lifecycle` | Container Lifecycle Hooks for sentinel container. 
Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | `{}` | +| `sentinel.livenessProbe.enabled` | | bool | `true` | +| `sentinel.livenessProbe.failureThreshold` | Failure threshold for liveness probe | int | `5` | +| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | int | `30` | +| `sentinel.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` | +| `sentinel.livenessProbe.successThreshold` | Success threshold for liveness probe | int | `1` | +| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | int | `15` | +| `sentinel.password` | A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`) | string | `nil` | +| `sentinel.port` | Port to access the sentinel service | int | `26379` | +| `sentinel.quorum` | Minimum number of nodes expected to be live. | int | `2` | +| `sentinel.readinessProbe.enabled` | | bool | `true` | +| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readiness probe | int | `5` | +| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | int | `30` | +| `sentinel.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` | +| `sentinel.readinessProbe.successThreshold` | Success threshold for readiness probe | int | `3` | +| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | int | `15` | +| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | object | `{}` | +| `sentinel.startupProbe` | Startup probe parameters for redis container | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":15}` | +| `sentinel.startupProbe.enabled` | Enable Startup Probe | bool | `true` | +| `sentinel.startupProbe.failureThreshold` | 
Failure threshold for startup probe | int | `3` | +| `sentinel.startupProbe.initialDelaySeconds` | Initial delay in seconds for startup probe | int | `5` | +| `sentinel.startupProbe.periodSeconds` | Period in seconds after which startup probe will be repeated | int | `10` | +| `sentinel.startupProbe.successThreshold` | Success threshold for startup probe | int | `1` | +| `sentinel.startupProbe.timeoutSeconds` | Timeout seconds for startup probe | int | `15` | +| `sentinel.tlsPort` | TLS Port to access the sentinel service | int | `nil` | +| `sentinel.tlsReplication` | Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf | bool | `nil` | + +### HAProxy parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `haproxy.IPv6.enabled` | Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default. | bool | `true` | +| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy pods. | object | `{}` | +| `haproxy.affinity` | Override all other affinity settings for the haproxy pods with a string. | string | `""` | +| `haproxy.annotations` | HAProxy template annotations | object | `{}` | +| `haproxy.checkFall` | haproxy.cfg `check fall` setting | int | `1` | +| `haproxy.checkInterval` | haproxy.cfg `check inter` setting | string | `"1s"` | +| `haproxy.containerPort` | Modify HAProxy deployment container port | int | `6379` | +| `haproxy.containerSecurityContext` | Security context to be added to the HAProxy containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | +| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. 
If this is used then default config will be overwriten | string | `nil` | +| `haproxy.deploymentStrategy` | Deployment strategy for the haproxy deployment | object | `{"type":"RollingUpdate"}` | +| `haproxy.emptyDir` | Configuration of `emptyDir` | object | `{}` | +| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | bool | `false` | +| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg | string | `nil` | +| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | bool | `true` | +| `haproxy.image.pullPolicy` | HAProxy Image PullPolicy | string | `"IfNotPresent"` | +| `haproxy.image.repository` | HAProxy Image Repository | string | `"public.ecr.aws/docker/library/haproxy"` | +| `haproxy.image.tag` | HAProxy Image Tag | string | `"2.9.4-alpine"` | +| `haproxy.imagePullSecrets` | Reference to one or more secrets to be used when pulling images ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | list | `[]` | +| `haproxy.init.resources` | Extra init resources | object | `{}` | +| `haproxy.labels` | Custom labels for the haproxy pod | object | `{}` | +| `haproxy.lifecycle` | Container lifecycle hooks. 
Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | `{}` |
+| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | bool | `false` |
+| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | int | `9101` |
+| `haproxy.metrics.portName` | HAProxy metrics scraping port name | string | `"http-exporter-port"` |
+| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping path | string | `"/metrics"` |
+| `haproxy.metrics.serviceMonitor.disableAPICheck` | Disable API Check on ServiceMonitor | bool | `false` |
+| `haproxy.metrics.serviceMonitor.enabled` | When set true then use a ServiceMonitor to configure scraping | bool | `false` |
+| `haproxy.metrics.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | object | `{}` |
+| `haproxy.metrics.serviceMonitor.interval` | Set how frequently Prometheus should scrape (default is 30s) | string | `""` |
+| `haproxy.metrics.serviceMonitor.labels` | Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator | object | `{}` |
+| `haproxy.metrics.serviceMonitor.namespace` | Set the namespace the ServiceMonitor should be deployed | string | `.Release.Namespace` |
+| `haproxy.metrics.serviceMonitor.telemetryPath` | Set path to redis-exporter telemtery-path (default is /metrics) | string | `""` |
+| `haproxy.metrics.serviceMonitor.timeout` | Set timeout for scrape (default is 10s) | string | `""` |
+| `haproxy.networkPolicy.annotations` | Annotations for Haproxy NetworkPolicy | object | `{}` |
+| `haproxy.networkPolicy.egressRules` | user can define egress rules too, uses the same structure as ingressRules | list | `[]` |
+| `haproxy.networkPolicy.enabled` | whether NetworkPolicy for Haproxy should be created | bool | `false` |
+| `haproxy.networkPolicy.ingressRules` | user defined ingress rules that Haproxy
should permit into. uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | list | `[]` |
+| `haproxy.networkPolicy.labels` | Labels for Haproxy NetworkPolicy | object | `{}` |
+| `haproxy.podDisruptionBudget` | Pod Disruption Budget ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | object | `{}` |
+| `haproxy.priorityClassName` | Kubernetes priorityClass name for the haproxy pod | string | `""` |
+| `haproxy.readOnly` | Enable read-only redis-slaves | object | `{"enabled":false,"port":6380}` |
+| `haproxy.readOnly.enabled` | Enable if you want a dedicated port in haproxy for redis-slaves | bool | `false` |
+| `haproxy.readOnly.port` | Port for the read-only redis-slaves | int | `6380` |
+| `haproxy.replicas` | Number of HAProxy instances | int | `3` |
+| `haproxy.resources` | HAProxy resources | object | `{}` |
+| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | object | `{"fsGroup":99,"runAsNonRoot":true,"runAsUser":99}` |
+| `haproxy.service.annotations` | HAProxy service annotations | string | `nil` |
+| `haproxy.service.externalIPs` | HAProxy external IPs | object | `{}` |
+| `haproxy.service.externalTrafficPolicy` | HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer) | string | `nil` |
+| `haproxy.service.labels` | HAProxy service labels | object | `{}` |
+| `haproxy.service.loadBalancerIP` | HAProxy service loadbalancer IP | string | `nil` |
+| `haproxy.service.loadBalancerSourceRanges` | List of CIDR's allowed to connect to LoadBalancer | list | `[]` |
+| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | int | `nil` |
+| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | string | `"ClusterIP"` |
+| `haproxy.serviceAccount.automountToken` | | bool | `false` |
+| `haproxy.serviceAccount.create` | Specifies whether a
ServiceAccount should be created | bool | `true` |
+| `haproxy.serviceAccountName` | HAProxy serviceAccountName | string | `"redis-sa"` |
+| `haproxy.servicePort` | Modify HAProxy service port | int | `6379` |
+| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. | bool | `false` |
+| `haproxy.tests.resources` | Pod resources for the tests against HAProxy. | object | `{}` |
+| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | string | `"2s"` |
+| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | string | `"330s"` |
+| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | string | `"4s"` |
+| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | string | `"330s"` |
+| `haproxy.tls` | Enable TLS termination on HAproxy, This will create a volume mount | object | `{"certMountPath":"/tmp/","enabled":false,"keyName":null,"secretName":""}` |
+| `haproxy.tls.certMountPath` | Path to mount the secret that contains the certificates. haproxy | string | `"/tmp/"` |
+| `haproxy.tls.enabled` | If "true" this will enable TLS termination on haproxy | bool | `false` |
+| `haproxy.tls.keyName` | Key file name | string | `nil` |
+| `haproxy.tls.secretName` | Secret containing the .pem file | string | `""` |
+
+### Prometheus exporter parameters
+
+| Parameter | Description | Type | Default |
+|-----|------|---------|-------------|
+| `exporter.address` | Address/Host for Redis instance.
Exists to circumvent issues with IPv6 dns resolution that occurs on certain environments | string | `"localhost"` |
+| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | bool | `false` |
+| `exporter.extraArgs` | Additional args for redis exporter | object | `{}` |
+| `exporter.image` | Exporter image | string | `"oliver006/redis_exporter"` |
+| `exporter.livenessProbe.httpGet.path` | Exporter liveness probe httpGet path | string | `"/metrics"` |
+| `exporter.livenessProbe.httpGet.port` | Exporter liveness probe httpGet port | int | `9121` |
+| `exporter.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe of exporter | int | `15` |
+| `exporter.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` |
+| `exporter.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe of exporter | int | `3` |
+| `exporter.port` | Exporter port | int | `9121` |
+| `exporter.portName` | Exporter port name | string | `"exporter-port"` |
+| `exporter.pullPolicy` | Exporter image pullPolicy | string | `"IfNotPresent"` |
+| `exporter.readinessProbe.httpGet.path` | Exporter readiness probe httpGet path | string | `"/metrics"` |
+| `exporter.readinessProbe.httpGet.port` | Exporter readiness probe httpGet port | int | `9121` |
+| `exporter.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe of exporter | int | `15` |
+| `exporter.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` |
+| `exporter.readinessProbe.successThreshold` | Success threshold for readiness probe of exporter | int | `2` |
+| `exporter.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe of exporter | int | `3` |
+| `exporter.resources` | cpu/memory resource limits/requests | object | `{}` |
+| `exporter.scrapePath` | Exporter scrape path | string | `"/metrics"` |
+| `exporter.script` | A custom custom
Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | string | `""` |
+| `exporter.serviceMonitor.disableAPICheck` | Disable API Check on ServiceMonitor | bool | `false` |
+| `exporter.serviceMonitor.enabled` | When set true then use a ServiceMonitor to configure scraping | bool | `false` |
+| `exporter.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | object | `{}` |
+| `exporter.serviceMonitor.interval` | Set how frequently Prometheus should scrape (default is 30s) | string | `""` |
+| `exporter.serviceMonitor.labels` | Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator | object | `{}` |
+| `exporter.serviceMonitor.namespace` | Set the namespace the ServiceMonitor should be deployed | string | `.Release.Namespace` |
+| `exporter.serviceMonitor.telemetryPath` | Set path to redis-exporter telemtery-path (default is /metrics) | string | `""` |
+| `exporter.serviceMonitor.timeout` | Set timeout for scrape (default is 10s) | string | `""` |
+| `exporter.tag` | Exporter image tag | string | `"v1.57.0"` |
+| `prometheusRule.additionalLabels` | Additional labels to be set in metadata. | object | `{}` |
+| `prometheusRule.enabled` | If true, creates a Prometheus Operator PrometheusRule. | bool | `false` |
+| `prometheusRule.interval` | How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set). | string | `"10s"` |
+| `prometheusRule.namespace` | Namespace which Prometheus is running in. | string | `nil` |
+| `prometheusRule.rules` | Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule). | list | `[]` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
For example,
+
+```bash
+$ helm repo add dandydev https://dandydeveloper.github.io/charts
+$ helm install \
+ --set image=redis \
+ --set tag=5.0.5-alpine \
+ dandydev/redis-ha
+```
+
+The above command sets the Redis server within `default` namespace.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+helm install -f values.yaml dandydev/redis-ha
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Custom Redis and Sentinel config options
+
+This chart allows for most redis or sentinel config options to be passed as a key value pair through the `values.yaml` under `redis.config` and `sentinel.config`. See links below for all available options.
+
+[Example redis.conf](http://download.redis.io/redis-stable/redis.conf)
+[Example sentinel.conf](http://download.redis.io/redis-stable/sentinel.conf)
+
+For example `repl-timeout 60` would be added to the `redis.config` section of the `values.yaml` as:
+
+```yml
+ repl-timeout: "60"
+```
+
+Note:
+
+1. Some config options should be renamed by redis version,e.g.:
+
+ ```yml
+ # In redis 5.x,see https://raw.githubusercontent.com/antirez/redis/5.0/redis.conf
+ min-replicas-to-write: 1
+ min-replicas-max-lag: 5
+
+ # In redis 4.x and redis 3.x,see https://raw.githubusercontent.com/antirez/redis/4.0/redis.conf and https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf
+ min-slaves-to-write 1
+ min-slaves-max-lag 5
+ ```
+
+Sentinel options supported must be in the the `sentinel