From 9bbc52d51300300ebf648a23656eefed5e6c6636 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Thu, 31 Oct 2024 15:21:43 -0700 Subject: [PATCH] Add Gateway chart schema (#152) Signed-off-by: Tamal Saha --- apis/installer/v1alpha1/types_test.go | 1 + .../v1alpha1/voyager_gateway_types.go | 165 + .../v1alpha1/zz_generated.deepcopy.go | 531 +++ .../values.openapiv3_schema.yaml | 3366 +++++++++++++++++ charts/voyager-gateway/values.yaml | 2 +- 5 files changed, 4064 insertions(+), 1 deletion(-) create mode 100644 apis/installer/v1alpha1/voyager_gateway_types.go create mode 100644 charts/voyager-gateway/values.openapiv3_schema.yaml diff --git a/apis/installer/v1alpha1/types_test.go b/apis/installer/v1alpha1/types_test.go index 5af94905..8751d2d1 100644 --- a/apis/installer/v1alpha1/types_test.go +++ b/apis/installer/v1alpha1/types_test.go @@ -28,6 +28,7 @@ import ( func TestDefaultValues(t *testing.T) { checker := schemachecker.New(os.DirFS("../../.."), schemachecker.TestCase{Obj: v1alpha1.GatewayConverterSpec{}}, + schemachecker.TestCase{Obj: v1alpha1.VoyagerGatewaySpec{}}, schemachecker.TestCase{Obj: v1alpha1.VoyagerSpec{}}, ) checker.TestAll(t) diff --git a/apis/installer/v1alpha1/voyager_gateway_types.go b/apis/installer/v1alpha1/voyager_gateway_types.go new file mode 100644 index 00000000..a139bbc2 --- /dev/null +++ b/apis/installer/v1alpha1/voyager_gateway_types.go @@ -0,0 +1,165 @@ +/* +Copyright AppsCode Inc. and Contributors + +Licensed under the AppsCode Community License 1.0.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + core "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +const ( + ResourceKindVoyagerGateway = "VoyagerGateway" + ResourceVoyagerGateway = "oyagergateway" + ResourceVoyagerGateways = "oyagergateways" +) + +// VoyagerGateway defines the schama for VoyagerGateway operator installer. + +// +genclient +// +genclient:skipVerbs=updateStatus +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// +kubebuilder:object:root=true +type VoyagerGateway struct { + metav1.TypeMeta `json:",inline,omitempty"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec VoyagerGatewaySpec `json:"spec,omitempty"` +} + +// VoyagerGatewaySpec is the schema for Operator Operator values file +type VoyagerGatewaySpec struct { + Global *VoyagerGatewayGlobal `json:"global,omitempty"` + PodDisruptionBudget *PodDisruptionBudgetSpec `json:"podDisruptionBudget,omitempty"` + Deployment *DeploymentSpec `json:"deployment,omitempty"` + Config *EnvoyGatewayConfig `json:"config,omitempty"` + CreateNamespace *bool `json:"createNamespace,omitempty"` + KubernetesClusterDomain *string `json:"kubernetesClusterDomain,omitempty"` + Certgen *CertgenSpec `json:"certgen,omitempty"` + GatewayConverter *VoyagerGatewayConverter `json:"gateway-converter,omitempty"` +} + +type VoyagerGatewayGlobal struct { + Images Images `json:"images"` +} + +type Images struct { + EnvoyGateway ImageDetails `json:"envoyGateway"` + Ratelimit ImageDetails `json:"ratelimit"` +} + +type ImageDetails struct { + Image string `json:"image"` + PullPolicy string `json:"pullPolicy"` + PullSecrets []core.LocalObjectReference `json:"pullSecrets"` +} + +type PodDisruptionBudgetSpec struct { + MinAvailable int `json:"minAvailable"` +} + +type DeploymentSpec struct { + EnvoyGateway EnvoyGatewayDeployment `json:"envoyGateway"` + Ports []Port `json:"ports"` + Replicas int `json:"replicas"` + Pod PodTemplateSpec `json:"pod"` +} + +type EnvoyGatewayDeployment struct { + Image ImageSpec `json:"image"` + ImagePullPolicy string `json:"imagePullPolicy"` + ImagePullSecrets []core.LocalObjectReference `json:"imagePullSecrets"` + Resources core.ResourceRequirements `json:"resources"` + SecurityContext *core.SecurityContext `json:"securityContext,omitempty"` +} + +type ImageSpec struct { + Repository string `json:"repository"` + Tag string `json:"tag"` +} + +type Port struct { + Name string `json:"name"` + Port int `json:"port"` + TargetPort int `json:"targetPort"` +} + +type PodTemplateSpec struct { + Affinity *core.Affinity `json:"affinity"` + Annotations map[string]string `json:"annotations"` + Labels map[string]string `json:"labels"` + TopologySpreadConstraints []core.TopologySpreadConstraint `json:"topologySpreadConstraints"` + Tolerations []core.Toleration `json:"tolerations"` +} + +type EnvoyGatewayConfig struct { + EnvoyGateway EnvoyGatewaySpec `json:"envoyGateway"` +} + +type EnvoyGatewaySpec struct { + Gateway *GatewayControllerSpec `json:"gateway,omitempty"` + Provider *GatewayProviderSpec `json:"provider,omitempty"` + Logging *LoggingSpec `json:"logging,omitempty"` +} + +type GatewayControllerSpec struct { + ControllerName string `json:"controllerName"` +} + +type GatewayProviderSpec struct { + Type string `json:"type"` +} + +type LoggingSpec struct { + Level LoggingLevel `json:"level"` +} + +type LoggingLevel struct { + Default string `json:"default"` +} + +type CertgenSpec struct { + Job CertgenJobSpec `json:"job"` + Rbac CertgenRbacMetadata `json:"rbac"` +} + +type CertgenJobSpec struct { + Annotations map[string]string `json:"annotations"` + Resources core.ResourceRequirements `json:"resources"` + TtlSecondsAfterFinished int `json:"ttlSecondsAfterFinished"` + SecurityContext *core.SecurityContext `json:"securityContext,omitempty"` +} + +type CertgenRbacMetadata struct { + Annotations map[string]string `json:"annotations"` + Labels map[string]string `json:"labels"` +} + +type VoyagerGatewayConverter struct { + Enabled bool `json:"enabled"` + *GatewayConverterSpec `json:",inline,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// VoyagerGatewayList is a list of VoyagerGateways +type VoyagerGatewayList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + // Items is a list of VoyagerGateway CRD objects + Items []VoyagerGateway `json:"items,omitempty"` +} diff --git a/apis/installer/v1alpha1/zz_generated.deepcopy.go b/apis/installer/v1alpha1/zz_generated.deepcopy.go index 1cb26367..b56f2442 100644 --- a/apis/installer/v1alpha1/zz_generated.deepcopy.go +++ b/apis/installer/v1alpha1/zz_generated.deepcopy.go @@ -26,6 +26,83 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertgenJobSpec) DeepCopyInto(out *CertgenJobSpec) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + in.Resources.DeepCopyInto(&out.Resources) + if in.SecurityContext != nil { + in, out := &in.SecurityContext, &out.SecurityContext + *out = new(v1.SecurityContext) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertgenJobSpec. +func (in *CertgenJobSpec) DeepCopy() *CertgenJobSpec { + if in == nil { + return nil + } + out := new(CertgenJobSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertgenRbacMetadata) DeepCopyInto(out *CertgenRbacMetadata) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertgenRbacMetadata. +func (in *CertgenRbacMetadata) DeepCopy() *CertgenRbacMetadata { + if in == nil { + return nil + } + out := new(CertgenRbacMetadata) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertgenSpec) DeepCopyInto(out *CertgenSpec) { + *out = *in + in.Job.DeepCopyInto(&out.Job) + in.Rbac.DeepCopyInto(&out.Rbac) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertgenSpec. +func (in *CertgenSpec) DeepCopy() *CertgenSpec { + if in == nil { + return nil + } + out := new(CertgenSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CleanerRef) DeepCopyInto(out *CleanerRef) { *out = *in @@ -105,6 +182,121 @@ func (in *ContianerRef) DeepCopy() *ContianerRef { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DeploymentSpec) DeepCopyInto(out *DeploymentSpec) { + *out = *in + in.EnvoyGateway.DeepCopyInto(&out.EnvoyGateway) + if in.Ports != nil { + in, out := &in.Ports, &out.Ports + *out = make([]Port, len(*in)) + copy(*out, *in) + } + in.Pod.DeepCopyInto(&out.Pod) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentSpec. +func (in *DeploymentSpec) DeepCopy() *DeploymentSpec { + if in == nil { + return nil + } + out := new(DeploymentSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EnvoyGatewayConfig) DeepCopyInto(out *EnvoyGatewayConfig) { + *out = *in + in.EnvoyGateway.DeepCopyInto(&out.EnvoyGateway) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayConfig. +func (in *EnvoyGatewayConfig) DeepCopy() *EnvoyGatewayConfig { + if in == nil { + return nil + } + out := new(EnvoyGatewayConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EnvoyGatewayDeployment) DeepCopyInto(out *EnvoyGatewayDeployment) { + *out = *in + out.Image = in.Image + if in.ImagePullSecrets != nil { + in, out := &in.ImagePullSecrets, &out.ImagePullSecrets + *out = make([]v1.LocalObjectReference, len(*in)) + copy(*out, *in) + } + in.Resources.DeepCopyInto(&out.Resources) + if in.SecurityContext != nil { + in, out := &in.SecurityContext, &out.SecurityContext + *out = new(v1.SecurityContext) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayDeployment. +func (in *EnvoyGatewayDeployment) DeepCopy() *EnvoyGatewayDeployment { + if in == nil { + return nil + } + out := new(EnvoyGatewayDeployment) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EnvoyGatewaySpec) DeepCopyInto(out *EnvoyGatewaySpec) { + *out = *in + if in.Gateway != nil { + in, out := &in.Gateway, &out.Gateway + *out = new(GatewayControllerSpec) + **out = **in + } + if in.Provider != nil { + in, out := &in.Provider, &out.Provider + *out = new(GatewayProviderSpec) + **out = **in + } + if in.Logging != nil { + in, out := &in.Logging, &out.Logging + *out = new(LoggingSpec) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewaySpec. +func (in *EnvoyGatewaySpec) DeepCopy() *EnvoyGatewaySpec { + if in == nil { + return nil + } + out := new(EnvoyGatewaySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayControllerSpec) DeepCopyInto(out *GatewayControllerSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayControllerSpec. +func (in *GatewayControllerSpec) DeepCopy() *GatewayControllerSpec { + if in == nil { + return nil + } + out := new(GatewayControllerSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GatewayConverter) DeepCopyInto(out *GatewayConverter) { *out = *in @@ -253,6 +445,22 @@ func (in *GatewayConverterSpec) DeepCopy() *GatewayConverterSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayProviderSpec) DeepCopyInto(out *GatewayProviderSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayProviderSpec. +func (in *GatewayProviderSpec) DeepCopy() *GatewayProviderSpec { + if in == nil { + return nil + } + out := new(GatewayProviderSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HealthcheckSpec) DeepCopyInto(out *HealthcheckSpec) { *out = *in @@ -269,6 +477,27 @@ func (in *HealthcheckSpec) DeepCopy() *HealthcheckSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageDetails) DeepCopyInto(out *ImageDetails) { + *out = *in + if in.PullSecrets != nil { + in, out := &in.PullSecrets, &out.PullSecrets + *out = make([]v1.LocalObjectReference, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageDetails. +func (in *ImageDetails) DeepCopy() *ImageDetails { + if in == nil { + return nil + } + out := new(ImageDetails) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImageRef) DeepCopyInto(out *ImageRef) { *out = *in @@ -285,6 +514,73 @@ func (in *ImageRef) DeepCopy() *ImageRef { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageSpec) DeepCopyInto(out *ImageSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSpec. +func (in *ImageSpec) DeepCopy() *ImageSpec { + if in == nil { + return nil + } + out := new(ImageSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Images) DeepCopyInto(out *Images) { + *out = *in + in.EnvoyGateway.DeepCopyInto(&out.EnvoyGateway) + in.Ratelimit.DeepCopyInto(&out.Ratelimit) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Images. +func (in *Images) DeepCopy() *Images { + if in == nil { + return nil + } + out := new(Images) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoggingLevel) DeepCopyInto(out *LoggingLevel) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingLevel. +func (in *LoggingLevel) DeepCopy() *LoggingLevel { + if in == nil { + return nil + } + out := new(LoggingLevel) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoggingSpec) DeepCopyInto(out *LoggingSpec) { + *out = *in + out.Level = in.Level + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingSpec. +func (in *LoggingSpec) DeepCopy() *LoggingSpec { + if in == nil { + return nil + } + out := new(LoggingSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Monitoring) DeepCopyInto(out *Monitoring) { *out = *in @@ -302,6 +598,87 @@ func (in *Monitoring) DeepCopy() *Monitoring { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PodDisruptionBudgetSpec) DeepCopyInto(out *PodDisruptionBudgetSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetSpec. +func (in *PodDisruptionBudgetSpec) DeepCopy() *PodDisruptionBudgetSpec { + if in == nil { + return nil + } + out := new(PodDisruptionBudgetSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PodTemplateSpec) DeepCopyInto(out *PodTemplateSpec) { + *out = *in + if in.Affinity != nil { + in, out := &in.Affinity, &out.Affinity + *out = new(v1.Affinity) + (*in).DeepCopyInto(*out) + } + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodTemplateSpec. +func (in *PodTemplateSpec) DeepCopy() *PodTemplateSpec { + if in == nil { + return nil + } + out := new(PodTemplateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Port) DeepCopyInto(out *Port) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Port. +func (in *Port) DeepCopy() *Port { + if in == nil { + return nil + } + out := new(Port) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServiceAccountSpec) DeepCopyInto(out *ServiceAccountSpec) { *out = *in @@ -417,6 +794,160 @@ func (in *Voyager) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VoyagerGateway) DeepCopyInto(out *VoyagerGateway) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VoyagerGateway. +func (in *VoyagerGateway) DeepCopy() *VoyagerGateway { + if in == nil { + return nil + } + out := new(VoyagerGateway) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *VoyagerGateway) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VoyagerGatewayConverter) DeepCopyInto(out *VoyagerGatewayConverter) { + *out = *in + if in.GatewayConverterSpec != nil { + in, out := &in.GatewayConverterSpec, &out.GatewayConverterSpec + *out = new(GatewayConverterSpec) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VoyagerGatewayConverter. +func (in *VoyagerGatewayConverter) DeepCopy() *VoyagerGatewayConverter { + if in == nil { + return nil + } + out := new(VoyagerGatewayConverter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VoyagerGatewayGlobal) DeepCopyInto(out *VoyagerGatewayGlobal) { + *out = *in + in.Images.DeepCopyInto(&out.Images) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VoyagerGatewayGlobal. +func (in *VoyagerGatewayGlobal) DeepCopy() *VoyagerGatewayGlobal { + if in == nil { + return nil + } + out := new(VoyagerGatewayGlobal) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VoyagerGatewayList) DeepCopyInto(out *VoyagerGatewayList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]VoyagerGateway, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VoyagerGatewayList. +func (in *VoyagerGatewayList) DeepCopy() *VoyagerGatewayList { + if in == nil { + return nil + } + out := new(VoyagerGatewayList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *VoyagerGatewayList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VoyagerGatewaySpec) DeepCopyInto(out *VoyagerGatewaySpec) { + *out = *in + if in.Global != nil { + in, out := &in.Global, &out.Global + *out = new(VoyagerGatewayGlobal) + (*in).DeepCopyInto(*out) + } + if in.PodDisruptionBudget != nil { + in, out := &in.PodDisruptionBudget, &out.PodDisruptionBudget + *out = new(PodDisruptionBudgetSpec) + **out = **in + } + if in.Deployment != nil { + in, out := &in.Deployment, &out.Deployment + *out = new(DeploymentSpec) + (*in).DeepCopyInto(*out) + } + if in.Config != nil { + in, out := &in.Config, &out.Config + *out = new(EnvoyGatewayConfig) + (*in).DeepCopyInto(*out) + } + if in.CreateNamespace != nil { + in, out := &in.CreateNamespace, &out.CreateNamespace + *out = new(bool) + **out = **in + } + if in.KubernetesClusterDomain != nil { + in, out := &in.KubernetesClusterDomain, &out.KubernetesClusterDomain + *out = new(string) + **out = **in + } + if in.Certgen != nil { + in, out := &in.Certgen, &out.Certgen + *out = new(CertgenSpec) + (*in).DeepCopyInto(*out) + } + if in.GatewayConverter != nil { + in, out := &in.GatewayConverter, &out.GatewayConverter + *out = new(VoyagerGatewayConverter) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VoyagerGatewaySpec. +func (in *VoyagerGatewaySpec) DeepCopy() *VoyagerGatewaySpec { + if in == nil { + return nil + } + out := new(VoyagerGatewaySpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VoyagerList) DeepCopyInto(out *VoyagerList) { *out = *in diff --git a/charts/voyager-gateway/values.openapiv3_schema.yaml b/charts/voyager-gateway/values.openapiv3_schema.yaml new file mode 100644 index 00000000..b209e7c8 --- /dev/null +++ b/charts/voyager-gateway/values.openapiv3_schema.yaml @@ -0,0 +1,3366 @@ +properties: + certgen: + properties: + job: + properties: + annotations: + additionalProperties: + type: string + type: object + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\ + \ that are used by this container. \n This is an alpha field and\ + \ requires enabling the DynamicResourceAllocation feature gate.\ + \ \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that will be + applied to a container. Some fields are present in both SecurityContext + and PodSecurityContext. When both are set, the values in SecurityContext + take precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more privileges than its parent process. This bool directly + controls if the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: 1) + run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor options to use by this + container. If set, this profile overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile loaded on the + node that should be used. The profile must be preconfigured + on the node to work. Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: 'type indicates which kind of AppArmor profile will + be applied. Valid options are: Localhost - a profile pre-loaded + on the node. RuntimeDefault - the container runtime''s default + profile. Unconfined - no AppArmor enforcement.' + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container + runtime. Note that this field cannot be set when spec.os.name is + windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. Defaults + to false. Note that this field cannot be set when spec.os.name is + windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the + containers. The default is DefaultProcMount which uses the container + runtime defaults for readonly paths and masked paths. This requires + the ProcMountType feature flag to be enabled. Note that this field + cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when spec.os.name + is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext takes + precedence. Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note that this field cannot + be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. If seccomp + options are provided at both the pod & container level, the container + options override the pod options. Note that this field cannot be + set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a + file on the node should be used. The profile must be preconfigured + on the node to work. Must be a descending path, relative to + the kubelet's configured seccomp profile location. Must be set + if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp profile will\ + \ be applied. Valid options are: \n Localhost - a profile defined\ + \ in a file on the node should be used. RuntimeDefault - the\ + \ container runtime default profile should be used. Unconfined\ + \ - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be + used. If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the + contents of the GMSA credential spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run + as a 'Host Process' container. All of a Pod's containers must + have the same effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: string + type: object + type: object + ttlSecondsAfterFinished: + type: integer + required: + - annotations + - resources + - ttlSecondsAfterFinished + type: object + rbac: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + required: + - annotations + - labels + type: object + required: + - job + - rbac + type: object + config: + properties: + envoyGateway: + properties: + gateway: + properties: + controllerName: + type: string + required: + - controllerName + type: object + logging: + properties: + level: + properties: + default: + type: string + required: + - default + type: object + required: + - level + type: object + provider: + properties: + type: + type: string + required: + - type + type: object + type: object + required: + - envoyGateway + type: object + createNamespace: + type: boolean + deployment: + properties: + envoyGateway: + properties: + image: + properties: + repository: + type: string + tag: + type: string + required: + - repository + - tag + type: object + imagePullPolicy: + type: string + imagePullSecrets: + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + default: '' + description: 'Name of the referent. This field is effectively required, + but due to backwards compatibility is allowed to be empty. Instances + of this type with an empty value here are almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\ + \ that are used by this container. \n This is an alpha field and\ + \ requires enabling the DynamicResourceAllocation feature gate.\ + \ \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that will be + applied to a container. Some fields are present in both SecurityContext + and PodSecurityContext. When both are set, the values in SecurityContext + take precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more privileges than its parent process. This bool directly + controls if the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: 1) + run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor options to use by this + container. If set, this profile overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile loaded on the + node that should be used. The profile must be preconfigured + on the node to work. Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: 'type indicates which kind of AppArmor profile will + be applied. Valid options are: Localhost - a profile pre-loaded + on the node. RuntimeDefault - the container runtime''s default + profile. Unconfined - no AppArmor enforcement.' + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container + runtime. Note that this field cannot be set when spec.os.name is + windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. Defaults + to false. Note that this field cannot be set when spec.os.name is + windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the + containers. The default is DefaultProcMount which uses the container + runtime defaults for readonly paths and masked paths. This requires + the ProcMountType feature flag to be enabled. Note that this field + cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when spec.os.name + is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext takes + precedence. Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note that this field cannot + be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. If seccomp + options are provided at both the pod & container level, the container + options override the pod options. Note that this field cannot be + set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a + file on the node should be used. The profile must be preconfigured + on the node to work. Must be a descending path, relative to + the kubelet's configured seccomp profile location. Must be set + if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp profile will\ + \ be applied. Valid options are: \n Localhost - a profile defined\ + \ in a file on the node should be used. RuntimeDefault - the\ + \ container runtime default profile should be used. Unconfined\ + \ - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be + used. If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the + contents of the GMSA credential spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run + as a 'Host Process' container. All of a Pod's containers must + have the same effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: string + type: object + type: object + required: + - image + - imagePullPolicy + - imagePullSecrets + - resources + type: object + pod: + properties: + affinity: + description: Affinity is a group of affinity scheduling rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the expressions. + The node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the highest + sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by + node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to + a set of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a single + element, which will be interpreted as an integer. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by + node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to + a set of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a single + element, which will be interpreted as an integer. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified by this + field cease to be met at some point during pod execution (e.g. + due to an update), the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by + node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to + a set of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a single + element, which will be interpreted as an integer. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by + node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to + a set of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a single + element, which will be interpreted as an integer. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the expressions. + The node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector + isn't set. This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both mismatchLabelKeys and + labelSelector. Also, mismatchLabelKeys cannot be set + when labelSelector isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified by this + field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to + eventually evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the + labelSelector relative to the given namespace(s)) that this + pod should be co-located (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running on a node whose + value of the label with key matches that of + any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this + case pods. If it's null, this PodAffinityTerm matches + with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select which pods will be taken into consideration. The + keys are used to lookup values from the incoming pod labels, + those key-value labels are merged with `labelSelector` + as `key in (value)` to select the group of existing pods + which pods will be taken into consideration for the incoming + pod's pod (anti) affinity. Keys that don't exist in the + incoming pod labels will be ignored. The default value + is empty. The same key is forbidden to exist in both matchLabelKeys + and labelSelector. Also, matchLabelKeys cannot be set + when labelSelector isn't set. This is an alpha field and + requires enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming pod + labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` to select the group of existing + pods which pods will be taken into consideration for the + incoming pod's pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist in + both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector isn't set. This is an + alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that + the term applies to. The term is applied to the union + of the namespaces selected by this field and the ones + listed in the namespaces field. null selector and null + or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied to + the union of the namespaces listed in this field and the + ones selected by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located + is defined as running on a node whose value of the label + with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the one + with the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `labelSelector` as `key in (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector + isn't set. This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged with + `labelSelector` as `key notin (value)` to select the + group of existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming pod labels will + be ignored. The default value is empty. The same key + is forbidden to exist in both mismatchLabelKeys and + labelSelector. Also, mismatchLabelKeys cannot be set + when labelSelector isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this + field are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified by + this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the + labelSelector relative to the given namespace(s)) that this + pod should be co-located (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running on a node whose + value of the label with key matches that of + any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this + case pods. If it's null, this PodAffinityTerm matches + with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select which pods will be taken into consideration. The + keys are used to lookup values from the incoming pod labels, + those key-value labels are merged with `labelSelector` + as `key in (value)` to select the group of existing pods + which pods will be taken into consideration for the incoming + pod's pod (anti) affinity. Keys that don't exist in the + incoming pod labels will be ignored. The default value + is empty. The same key is forbidden to exist in both matchLabelKeys + and labelSelector. Also, matchLabelKeys cannot be set + when labelSelector isn't set. This is an alpha field and + requires enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming pod + labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` to select the group of existing + pods which pods will be taken into consideration for the + incoming pod's pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist in + both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector isn't set. This is an + alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that + the term applies to. The term is applied to the union + of the namespaces selected by this field and the ones + listed in the namespaces field. null selector and null + or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied to + the union of the namespaces listed in this field and the + ones selected by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located + is defined as running on a node whose value of the label + with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + tolerations: + items: + description: The pod this Toleration is attached to tolerates any taint + that matches the triple using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means + match all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. + Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not set, + which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the + system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that + match this label selector are counted to determine the number + of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select\ + \ the pods over which spreading will be calculated. The keys are\ + \ used to lookup values from the incoming pod labels, those key-value\ + \ labels are ANDed with labelSelector to select the group of existing\ + \ pods over which spreading will be calculated for the incoming\ + \ pod. The same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set when LabelSelector\ + \ isn't set. Keys that don't exist in the incoming pod labels\ + \ will be ignored. A null or empty list means only match against\ + \ labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods may be + unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number of matching + pods in the target topology and the global minimum. The global + minimum is the minimum number of matching pods in an eligible + domain or zero if the number of eligible domains is less than + MinDomains. For example, in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 | zone3 | | P + P | P P | P | - if MaxSkew is 1, incoming pod can only + be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher + precedence to topologies that satisfy it. It''s a required field. + Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible\ + \ domains. When the number of eligible domains with matching topology\ + \ keys is less than minDomains, Pod Topology Spread treats \"\ + global minimum\" as 0, and then the calculation of Skew is performed.\ + \ And when the number of eligible domains with matching topology\ + \ keys equals or greater than minDomains, this value has no effect\ + \ on scheduling. As a result, when the number of eligible domains\ + \ is less than minDomains, scheduler won't schedule more than\ + \ maxSkew Pods to those domains. If value is nil, the constraint\ + \ behaves as if MinDomains is equal to 1. Valid values are integers\ + \ greater than 0. When value is not nil, WhenUnsatisfiable must\ + \ be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew\ + \ is set to 2, MinDomains is set to 5 and pods with the same labelSelector\ + \ spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P |\ + \ P P | The number of domains is less than 5(MinDomains), so\ + \ \"global minimum\" is treated as 0. In this situation, new pod\ + \ with the same labelSelector cannot be scheduled, because computed\ + \ skew will be 3(3 - 0) if new Pod is scheduled to any of the\ + \ three zones, it will violate MaxSkew." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's\ + \ nodeAffinity/nodeSelector when calculating pod topology spread\ + \ skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector\ + \ are included in the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the calculations. \n\ + \ If this value is nil, the behavior is equivalent to the Honor\ + \ policy. This is a beta-level feature default enabled by the\ + \ NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node\ + \ taints when calculating pod topology spread skew. Options are:\ + \ - Honor: nodes without taints, along with tainted nodes for\ + \ which the incoming pod has a toleration, are included. - Ignore:\ + \ node taints are ignored. All nodes are included. \n If this\ + \ value is nil, the behavior is equivalent to the Ignore policy.\ + \ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have + a label with this key and identical values are considered to be + in the same topology. We consider each as a "bucket", + and try to put balanced number of pods into each bucket. We define + a domain as a particular instance of a topology. Also, we define + an eligible domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey + is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone + is a domain of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod + if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any location, but giving + higher precedence to topologies that would help reduce the skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would + violate "MaxSkew" on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector spread + as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can + only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make it *more* imbalanced. + It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + required: + - affinity + - annotations + - labels + - tolerations + - topologySpreadConstraints + type: object + ports: + items: + properties: + name: + type: string + port: + type: integer + targetPort: + type: integer + required: + - name + - port + - targetPort + type: object + type: array + replicas: + type: integer + required: + - envoyGateway + - pod + - ports + - replicas + type: object + gateway-converter: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, but it + may choose a node that violates one or more of the expressions. + The node that is most preferred is the one with the greatest sum + of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the highest + sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects + with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling + term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. If the operator is Gt or Lt, + the values array must have a single element, which + will be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. If the operator is Gt or Lt, + the values array must have a single element, which + will be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled onto + the node. If the affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. due to an update), + the system may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms + are ORed. + items: + description: A null or empty node selector term matches no objects. + The requirements of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. If the operator is Gt or Lt, + the values array must have a single element, which + will be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. If the operator is Gt or Lt, + the values array must have a single element, which + will be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, but it + may choose a node that violates one or more of the expressions. + The node that is most preferred is the one with the greatest sum + of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node has pods + which matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this + case pods. If it's null, this PodAffinityTerm matches + with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select which pods will be taken into consideration. The + keys are used to lookup values from the incoming pod labels, + those key-value labels are merged with `labelSelector` + as `key in (value)` to select the group of existing pods + which pods will be taken into consideration for the incoming + pod's pod (anti) affinity. Keys that don't exist in the + incoming pod labels will be ignored. The default value + is empty. The same key is forbidden to exist in both matchLabelKeys + and labelSelector. Also, matchLabelKeys cannot be set + when labelSelector isn't set. This is an alpha field and + requires enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming pod + labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` to select the group of existing + pods which pods will be taken into consideration for the + incoming pod's pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist in + both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector isn't set. This is an + alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that + the term applies to. The term is applied to the union + of the namespaces selected by this field and the ones + listed in the namespaces field. null selector and null + or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied to + the union of the namespaces listed in this field and the + ones selected by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located + is defined as running on a node whose value of the label + with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled onto + the node. If the affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the label with + key matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this + case pods. If it's null, this PodAffinityTerm matches with + no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select + which pods will be taken into consideration. The keys are + used to lookup values from the incoming pod labels, those + key-value labels are merged with `labelSelector` as `key in + (value)` to select the group of existing pods which pods will + be taken into consideration for the incoming pod's pod (anti) + affinity. Keys that don't exist in the incoming pod labels + will be ignored. The default value is empty. The same key + is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't + set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to + select which pods will be taken into consideration. The keys + are used to lookup values from the incoming pod labels, those + key-value labels are merged with `labelSelector` as `key notin + (value)` to select the group of existing pods which pods will + be taken into consideration for the incoming pod's pod (anti) + affinity. Keys that don't exist in the incoming pod labels + will be ignored. The default value is empty. The same key + is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't + set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the + term applies to. The term is applied to the union of the namespaces + selected by this field and the ones listed in the namespaces + field. null selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied to the + union of the namespaces listed in this field and the ones + selected by namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined as + running on a node whose value of the label with key topologyKey + matches that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this field, but + it may choose a node that violates one or more of the expressions. + The node that is most preferred is the one with the greatest sum + of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node has pods + which matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with + the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this + case pods. If it's null, this PodAffinityTerm matches + with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select which pods will be taken into consideration. The + keys are used to lookup values from the incoming pod labels, + those key-value labels are merged with `labelSelector` + as `key in (value)` to select the group of existing pods + which pods will be taken into consideration for the incoming + pod's pod (anti) affinity. Keys that don't exist in the + incoming pod labels will be ignored. The default value + is empty. The same key is forbidden to exist in both matchLabelKeys + and labelSelector. Also, matchLabelKeys cannot be set + when labelSelector isn't set. This is an alpha field and + requires enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys + to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming pod + labels, those key-value labels are merged with `labelSelector` + as `key notin (value)` to select the group of existing + pods which pods will be taken into consideration for the + incoming pod's pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist in + both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector isn't set. This is an + alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that + the term applies to. The term is applied to the union + of the namespaces selected by this field and the ones + listed in the namespaces field. null selector and null + or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied to + the union of the namespaces listed in this field and the + ones selected by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located + is defined as running on a node whose value of the label + with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled onto + the node. If the anti-affinity requirements specified by this field + cease to be met at some point during pod execution (e.g. due to + a pod label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the label with + key matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this + case pods. If it's null, this PodAffinityTerm matches with + no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select + which pods will be taken into consideration. The keys are + used to lookup values from the incoming pod labels, those + key-value labels are merged with `labelSelector` as `key in + (value)` to select the group of existing pods which pods will + be taken into consideration for the incoming pod's pod (anti) + affinity. Keys that don't exist in the incoming pod labels + will be ignored. The default value is empty. The same key + is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't + set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to + select which pods will be taken into consideration. The keys + are used to lookup values from the incoming pod labels, those + key-value labels are merged with `labelSelector` as `key notin + (value)` to select the group of existing pods which pods will + be taken into consideration for the incoming pod's pod (anti) + affinity. Keys that don't exist in the incoming pod labels + will be ignored. The default value is empty. The same key + is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't + set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the + term applies to. The term is applied to the union of the namespaces + selected by this field and the ones listed in the namespaces + field. null selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied to the + union of the namespaces listed in this field and the ones + selected by namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined as + running on a node whose value of the label with key topologyKey + matches that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + healthcheck: + properties: + enabled: + type: boolean + type: object + servingCerts: + properties: + caCrt: + type: string + generate: + type: boolean + serverCrt: + type: string + serverKey: + type: string + required: + - generate + type: object + required: + - healthcheck + - servingCerts + type: object + criticalAddon: + type: boolean + enabled: + type: boolean + fullnameOverride: + type: string + hostNetwork: + type: boolean + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + logLevel: + format: int32 + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podLabels: + additionalProperties: + type: string + type: object + podSecurityContext: + description: 'PodSecurityContext holds pod-level security attributes and common + container settings. Optional: Defaults to empty. See type description for + default values of each field.' + properties: + appArmorProfile: + description: appArmorProfile is the AppArmor options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile loaded on the node + that should be used. The profile must be preconfigured on the node + to work. Must match the loaded name of the profile. Must be set + if and only if type is "Localhost". + type: string + type: + description: 'type indicates which kind of AppArmor profile will be + applied. Valid options are: Localhost - a profile pre-loaded on + the node. RuntimeDefault - the container runtime''s default profile. + Unconfined - no AppArmor enforcement.' + type: string + required: + - type + type: object + fsGroup: + description: "A special supplemental group that applies to all containers\ + \ in a pod. Some volume types allow the Kubelet to change the ownership\ + \ of that volume to be owned by the pod: \n 1. The owning GID will be\ + \ the FSGroup 2. The setgid bit is set (new files created in the volume\ + \ will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\ + \ \n If unset, the Kubelet will not modify the ownership and permissions\ + \ of any volume. Note that this field cannot be set when spec.os.name\ + \ is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership + and permission of the volume before being exposed inside Pod. This field + will only apply to volume types which support fsGroup based ownership(and + permissions). It will have no effect on ephemeral volume types such + as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that this field + cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses + runtime default if unset. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that + it does not run as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be performed. May also + be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults + to user specified in image metadata if unspecified. May also be set + in SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. If unspecified, + the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext takes + precedence for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file + on the node should be used. The profile must be preconfigured on + the node to work. Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp profile will be\ + \ applied. Valid options are: \n Localhost - a profile defined in\ + \ a file on the node should be used. RuntimeDefault - the container\ + \ runtime default profile should be used. Unconfined - no profile\ + \ should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each + container, in addition to the container's primary GID, the fsGroup (if + specified), and group memberships defined in the container image for + the uid of the container process. If unspecified, no additional groups + are added to any container. Note that group memberships defined in the + container image for the uid of the container process are still effective, + even if they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. + Pods with unsupported sysctls (by the container runtime) might fail + to launch. Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will + be used. If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents + of the GMSA credential spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as + a 'Host Process' container. All of a Pod's containers must have + the same effective HostProcess value (it is not allowed to have + a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be + set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the + container process. Defaults to the user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + server: + properties: + registry: + type: string + repository: + type: string + resources: + description: Compute Resources required by the sidecar container. + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\ + \ that are used by this container. \n This is an alpha field and\ + \ requires enabling the DynamicResourceAllocation feature gate.\ + \ \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: Security options the pod should run with. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more privileges than its parent process. This bool directly + controls if the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: 1) + run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor options to use by this + container. If set, this profile overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile loaded on the + node that should be used. The profile must be preconfigured + on the node to work. Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: 'type indicates which kind of AppArmor profile will + be applied. Valid options are: Localhost - a profile pre-loaded + on the node. RuntimeDefault - the container runtime''s default + profile. Unconfined - no AppArmor enforcement.' + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container + runtime. Note that this field cannot be set when spec.os.name is + windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. Defaults + to false. Note that this field cannot be set when spec.os.name is + windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the + containers. The default is DefaultProcMount which uses the container + runtime defaults for readonly paths and masked paths. This requires + the ProcMountType feature flag to be enabled. Note that this field + cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when spec.os.name + is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext takes + precedence. Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note that this field cannot + be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. If seccomp + options are provided at both the pod & container level, the container + options override the pod options. Note that this field cannot be + set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a + file on the node should be used. The profile must be preconfigured + on the node to work. Must be a descending path, relative to + the kubelet's configured seccomp profile location. Must be set + if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp profile will\ + \ be applied. Valid options are: \n Localhost - a profile defined\ + \ in a file on the node should be used. RuntimeDefault - the\ + \ container runtime default profile should be used. Unconfined\ + \ - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be + used. If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the + contents of the GMSA credential spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run + as a 'Host Process' container. All of a Pod's containers must + have the same effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint + that matches the triple using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means + match all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator must be + Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists is + equivalent to wildcard for value, so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is ignored) + tolerates the taint. By default, it is not set, which means tolerate + the taint forever (do not evict). Zero and negative values will be + treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If + the operator is Exists, the value should be empty, otherwise just + a regular string. + type: string + type: object + type: array + required: + - enabled + - hostNetwork + - imagePullPolicy + - monitoring + - registryFQDN + - replicaCount + - server + - serviceAccount + type: object + global: + properties: + images: + properties: + envoyGateway: + properties: + image: + type: string + pullPolicy: + type: string + pullSecrets: + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + default: '' + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to + be empty. Instances of this type with an empty value here + are almost certainly wrong. TODO: Add other useful fields. + apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + required: + - image + - pullPolicy + - pullSecrets + type: object + ratelimit: + properties: + image: + type: string + pullPolicy: + type: string + pullSecrets: + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + default: '' + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to + be empty. Instances of this type with an empty value here + are almost certainly wrong. TODO: Add other useful fields. + apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + required: + - image + - pullPolicy + - pullSecrets + type: object + required: + - envoyGateway + - ratelimit + type: object + required: + - images + type: object + kubernetesClusterDomain: + type: string + podDisruptionBudget: + properties: + minAvailable: + type: integer + required: + - minAvailable + type: object +type: object diff --git a/charts/voyager-gateway/values.yaml b/charts/voyager-gateway/values.yaml index c8e66714..76aaedf2 100644 --- a/charts/voyager-gateway/values.yaml +++ b/charts/voyager-gateway/values.yaml @@ -30,7 +30,7 @@ deployment: resources: limits: cpu: 500m - memory: 1024Mi + memory: 1Gi requests: cpu: 100m memory: 256Mi